author | Hans Insulander <hin@cvs.openbsd.org> | 2001-06-22 21:26:54 +0000 |
---|---|---|
committer | Hans Insulander <hin@cvs.openbsd.org> | 2001-06-22 21:26:54 +0000 |
commit | 7f0d3969b33f9df8ff58e94337621eb515a896d4 (patch) | |
tree | 39de3d1da504b5f13aa42a19166e638712c33424 | |
parent | 9ad9ea34bd18860211e904e6adbbe1c8b93e730c (diff) |
Import of heimdal-0.3f
Lots of changes, highlights include:
* change default keytab to ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab,
the new keytab type that tries both of these in order (SRVTAB is
also an alias for krb4:)
* improve error reporting and error handling (error messages should
be more detailed and more useful)
* the API is closer to what MIT krb5 is using
* more compatible with windows 2000
* removed some memory leaks
* bug fixes
55 files changed, 2248 insertions, 0 deletions
diff --git a/kerberosV/src/cf/cf.new.fixit b/kerberosV/src/cf/cf.new.fixit
new file mode 100644
index 00000000000..e69de29bb2d
--- /dev/null
+++ b/kerberosV/src/cf/cf.new.fixit
diff --git a/kerberosV/src/doc/standardisation/standardisation.new.fixit b/kerberosV/src/doc/standardisation/standardisation.new.fixit
new file mode 100644
index 00000000000..e69de29bb2d
--- /dev/null
+++ b/kerberosV/src/doc/standardisation/standardisation.new.fixit
diff --git a/kerberosV/src/etc/etc.new.fixit b/kerberosV/src/etc/etc.new.fixit
new file mode 100644
index 00000000000..e69de29bb2d
--- /dev/null
+++ b/kerberosV/src/etc/etc.new.fixit
diff --git a/kerberosV/src/include/include.new.fixit b/kerberosV/src/include/include.new.fixit
new file mode 100644
index 00000000000..e69de29bb2d
--- /dev/null
+++ b/kerberosV/src/include/include.new.fixit
diff --git a/kerberosV/src/include/kadm5/kadm5.new.fixit b/kerberosV/src/include/kadm5/kadm5.new.fixit
new file mode 100644
index 00000000000..e69de29bb2d
--- /dev/null
+++ b/kerberosV/src/include/kadm5/kadm5.new.fixit
diff --git a/kerberosV/src/kadmin/kadmin.cat8 b/kerberosV/src/kadmin/kadmin.cat8
new file mode 100644
index 00000000000..31885a7ba67
--- /dev/null
+++ b/kerberosV/src/kadmin/kadmin.cat8
@@ -0,0 +1,123 @@ + +KADMIN(8) UNIX System Manager's Manual KADMIN(8) + +NNAAMMEE + kkaaddmmiinn - Kerberos administration utility + +SSYYNNOOPPSSIISS + kkaaddmmiinn [--pp _s_t_r_i_n_g | ----pprriinncciippaall==_s_t_r_i_n_g] [--KK _s_t_r_i_n_g | ----kkeeyyttaabb==_s_t_r_i_n_g] [--cc + _f_i_l_e | ----ccoonnffiigg--ffiillee==_f_i_l_e] [--kk _f_i_l_e | ----kkeeyy--ffiillee==_f_i_l_e] [--rr _r_e_a_l_m | + ----rreeaallmm==_r_e_a_l_m] [--aa _h_o_s_t | ----aaddmmiinn--sseerrvveerr==_h_o_s_t] [--ss _p_o_r_t _n_u_m_b_e_r | + ----sseerrvveerr--ppoorrtt==_p_o_r_t _n_u_m_b_e_r] [--ll | ----llooccaall] [--hh | ----hheellpp] [--vv | ----vveerrssiioonn] + [_c_o_m_m_a_n_d] + +DDEESSCCRRIIPPTTIIOONN + The kkaaddmmiinn program is used to make modification to the Kerberos database, + either remotely via the kadmind(8) daemon, or locally (with the --ll op- + tion). + + Supported options: + + --pp _s_t_r_i_n_g, ----pprriinncciippaall==_s_t_r_i_n_g + principal to authenticate as + + --KK _s_t_r_i_n_g, ----kkeeyyttaabb==_s_t_r_i_n_g + keytab for authentication pricipal + + --cc _f_i_l_e, ----ccoonnffiigg--ffiillee==_f_i_l_e + location of config file + + --kk _f_i_l_e, ----kkeeyy--ffiillee==_f_i_l_e + location of master key file + + --rr _r_e_a_l_m, ----rreeaallmm==_r_e_a_l_m + realm to use + + --aa _h_o_s_t, ----aaddmmiinn--sseerrvveerr==_h_o_s_t + server to contact + + --ss _p_o_r_t _n_u_m_b_e_r, ----sseerrvveerr--ppoorrtt==_p_o_r_t _n_u_m_b_e_r + port to use + + --ll, ----llooccaall + local admin mode + + If no _c_o_m_m_a_n_d is given on the command line, kkaaddmmiinn will prompt for com- + mands to process. 
Commands include: + + aadddd [--rr | ----rraannddoomm--kkeeyy] [----rraannddoomm--ppaasssswwoorrdd] [--pp _s_t_r_i_n_g | + ----ppaasssswwoorrdd==_s_t_r_i_n_g] [----kkeeyy==_s_t_r_i_n_g] [----mmaaxx--ttiicckkeett--lliiffee==_l_i_f_e_t_i_m_e] + [----mmaaxx--rreenneewwaabbllee--lliiffee==_l_i_f_e_t_i_m_e] [----aattttrriibbuutteess==_a_t_t_r_i_b_u_t_e_s] + [----eexxppiirraattiioonn--ttiimmee==_t_i_m_e] [----ppww--eexxppiirraattiioonn--ttiimmee==_t_i_m_e] _p_r_i_n_c_i_p_a_l_._._. + + creates a new principal + + ppaasssswwdd [--rr | ----rraannddoomm--kkeeyy] [----rraannddoomm--ppaasssswwoorrdd] [--pp _s_t_r_i_n_g | + ----ppaasssswwoorrdd==_s_t_r_i_n_g] [----kkeeyy==_s_t_r_i_n_g] _p_r_i_n_c_i_p_a_l_._._. + + changes the password of an existing principal + + ddeelleettee _p_r_i_n_c_i_p_a_l_._._. + + removes a principal + + ddeell__eennccttyyppee _p_r_i_n_c_i_p_a_l _e_n_c_t_y_p_e_s_._._. + + + removes some enctypes from a principal, this can be useful + the service belonging to the principal is known to not handle + certain enctypes + + eexxtt__kkeeyyttaabb [--kk _s_t_r_i_n_g | ----kkeeyyttaabb==_s_t_r_i_n_g] _p_r_i_n_c_i_p_a_l_._._. + + creates a keytab with the keys of the specified principals + + ggeett [--ll | ----lloonngg] [--ss | ----sshhoorrtt] [--tt | ----tteerrssee] _e_x_p_r_e_s_s_i_o_n_._._. 
+ + lists the principals that match the expressions (which are + shell glob like), long format gives more information, and + terse just prints the names + + rreennaammee _f_r_o_m _t_o + + renames a principal + + mmooddiiffyy [--aa _a_t_t_r_i_b_u_t_e_s | ----aattttrriibbuutteess==_a_t_t_r_i_b_u_t_e_s] + [----mmaaxx--ttiicckkeett--lliiffee==_l_i_f_e_t_i_m_e] [----mmaaxx--rreenneewwaabbllee--lliiffee==_l_i_f_e_t_i_m_e] + [----eexxppiirraattiioonn--ttiimmee==_t_i_m_e] [----ppww--eexxppiirraattiioonn--ttiimmee==_t_i_m_e] + [----kkvvnnoo==_n_u_m_b_e_r] _p_r_i_n_c_i_p_a_l + + modifies certain attributes of a principal + + pprriivviilleeggeess + + lists the operations you are allowd to perform + + When running in local mode, the following commands can also be used. + + dduummpp [--dd | ----ddeeccrryypptt] [_d_u_m_p_-_f_i_l_e] + + writes the database in ``human readable'' form to the speci- + fied file, or standard out + + iinniitt [----rreeaallmm--mmaaxx--ttiicckkeett--lliiffee==_s_t_r_i_n_g] + [----rreeaallmm--mmaaxx--rreenneewwaabbllee--lliiffee==_s_t_r_i_n_g] _r_e_a_l_m + + initialises the Kerberos database with entries for a new + realm, it's possible to have more than one realm served by + one server + + llooaadd _f_i_l_e + + reads a previously dumped database, and re-creates that + database from scratch + + mmeerrggee _f_i_l_e + + similar to lliisstt but just modifies the database with the en- + tries in the dump file + +SSEEEE AALLSSOO + kadmind(8), kdc(8) + + HEIMDAL September 10, 2000 2 diff --git a/kerberosV/src/kadmin/kadmin.new.fixit b/kerberosV/src/kadmin/kadmin.new.fixit new file mode 100644 index 00000000000..e69de29bb2d --- /dev/null +++ b/kerberosV/src/kadmin/kadmin.new.fixit diff --git a/kerberosV/src/kadmin/kadmind.cat8 b/kerberosV/src/kadmin/kadmind.cat8 new file mode 100644 index 00000000000..c03ae18ea4e --- /dev/null +++ b/kerberosV/src/kadmin/kadmind.cat8 
@@ -0,0 +1,93 @@ + +KADMIND(8) UNIX System Manager's Manual KADMIND(8) + +NNAAMMEE + kkaaddmmiinndd - server for administrative access to kerberos database + +SSYYNNOOPPSSIISS + kkaaddmmiinndd [--cc _f_i_l_e | ----ccoonnffiigg--ffiillee==_f_i_l_e] [--kk _f_i_l_e | ----kkeeyy--ffiillee==_f_i_l_e] + [----kkeeyyttaabb==_k_e_y_t_a_b] [--rr _r_e_a_l_m | ----rreeaallmm==_r_e_a_l_m] [--dd | ----ddeebbuugg] [--pp _p_o_r_t | + ----ppoorrttss==_p_o_r_t] + +DDEESSCCRRIIPPTTIIOONN + kkaaddmmiinndd listens for requests for changes to the Kerberos database and + performs these, subject to permissions. When starting, if stdin is a + socket it assumes that it has been started by inetd(8), otherwise it be- + haves as a daemon, forking processes for each new connection. The ----ddeebbuugg + option causes kkaaddmmiinndd to accept exactly one connection, which is useful + for debugging. + + If built with krb4 support, it implements both the Heimdal Kerberos 5 ad- + ministrative protocol and the Kerberos 4 protocol. Password changes via + the Kerberos 4 protocol are also performed by kkaaddmmiinndd, but the kpass- + wdd(8) daemon is responsible for the Kerberos 5 password changing proto- + col (used by kpasswd(1)) + + This daemon should only be run on ther master server, and not on any + slaves. + + Principals are always allowed to change their own password and list their + own principals. Apart from that, doing any operation requires permission + explicitly added in the ACL file _/_v_a_r_/_h_e_i_m_d_a_l_/_k_a_d_m_i_n_d_._a_c_l. The format of + this file is: + + _p_r_i_n_c_i_p_a_l _r_i_g_h_t_s [_p_r_i_n_c_i_p_a_l_-_p_a_t_t_e_r_n] + + Where rights is any combination of: + + ++oo change-password | cpw + + ++oo list + + ++oo delete + + ++oo modify + + ++oo add + + ++oo get + + ++oo all + + And the optional _p_r_i_n_c_i_p_a_l_-_p_a_t_t_e_r_n restricts the rights to principals + that match the glob-style pattern. 
+ + Supported options: + + --cc _f_i_l_e, ----ccoonnffiigg--ffiillee==_f_i_l_e + location of config file + + --kk _f_i_l_e, ----kkeeyy--ffiillee==_f_i_l_e + location of master key file + + ----kkeeyyttaabb==_k_e_y_t_a_b + + + what keytab to use + + --rr _r_e_a_l_m, ----rreeaallmm==_r_e_a_l_m + realm to use + + --dd, ----ddeebbuugg + enable debugging + + --pp _p_o_r_t, ----ppoorrttss==_p_o_r_t + ports to listen to. By default, if run as a daemon, it listen to + ports 749, and 751 (if built with Kerberos 4 support), but you + can add any number of ports with this option. The port string is + a whitespace separated list of port specifications, with the spe- + cial string ``+'' representing the default set of ports. + +FFIILLEESS + _/_v_a_r_/_h_e_i_m_d_a_l_/_k_a_d_m_i_n_d_._a_c_l + +EEXXAAMMPPLLEESS + This will cause kadmind to listen to port 4711 in addition to any com- + piled in defaults: + + # kadmind --ports="+ 4711" & + +SSEEEE AALLSSOO + kdc(8), kadmin(1), kpasswdd(8), kpasswd(1) + + HEIMDAL June 7, 2000 2 diff --git a/kerberosV/src/kdc/hprop.cat8 b/kerberosV/src/kdc/hprop.cat8 new file mode 100644 index 00000000000..f6c70b4ca62 --- /dev/null +++ b/kerberosV/src/kdc/hprop.cat8 
@@ -0,0 +1,103 @@ + +HPROP(8) UNIX System Manager's Manual HPROP(8) + +NNAAMMEE + hhpprroopp - propagate the KDC database + +SSYYNNOOPPSSIISS + hhpprroopp [--mm _f_i_l_e | ----mmaasstteerr--kkeeyy==_f_i_l_e] [--dd _f_i_l_e | ----ddaattaabbaassee==_f_i_l_e] + [----ssoouurrccee==_h_e_i_m_d_a_l_|_m_i_t_-_d_u_m_p_|_k_r_b_4_-_d_b_|_k_r_b_4_-_d_u_m_p] [--44 | ----vv44--ddbb] [--KK | + ----kkaa--ddbb] [--cc _c_e_l_l | ----cceellll==_c_e_l_l] [--SS | ----kkaassppeecciiaallss] [--rr _s_t_r_i_n_g | + ----vv44--rreeaallmm==_s_t_r_i_n_g] [--kk _k_e_y_t_a_b | ----kkeeyyttaabb==_k_e_y_t_a_b] [--RR _s_t_r_i_n_g | + ----vv55--rreeaallmm==_s_t_r_i_n_g] [--DD | ----ddeeccrryypptt] [--EE | ----eennccrryypptt] [--nn | ----ssttddoouutt] [--vv + | ----vveerrbboossee] [----vveerrssiioonn] [--hh | ----hheellpp] _h_o_s_t[:_p_o_r_t] _._._. + +DDEESSCCRRIIPPTTIIOONN + hhpprroopp takes a principal database in a specified format and converts it + into a stream of Heimdal database records. This stream can either be + written to standard out, or (more commonly) be propagated to a hpropd(8) + server running on a different machine. + + If propagating, it connects to all _h_o_s_t_s specified on the command by + opening a TCP connection to port 754 (service hprop) and sends the + database in encrypted form. + + Supported options: + + --mm _f_i_l_e, ----mmaasstteerr--kkeeyy==_f_i_l_e + Where to find the master key to encrypt or decrypt keys with. + + --dd _f_i_l_e, ----ddaattaabbaassee==_f_i_l_e + The database to be propagated. + + ----ssoouurrccee==_h_e_i_m_d_a_l_|_m_i_t_-_d_u_m_p_|_k_r_b_4_-_d_b_|_k_r_b_4_-_d_u_m_p + Specifies the type of the source database. 
Alternatives include: + + heimdal a Heimdal database + + mit-dump a MIT Kerberos 5 dump file + + krb4-db a Kerberos 4 database + + krb4-dump a Kerberos 4 dump file + + kaserver a Transarc kaserver database + + --kk _k_e_y_t_a_b, ----kkeeyyttaabb==_k_e_y_t_a_b + The keytab to use for fetching the key to be used for authenti- + cating to the propagation daemon(s). The key _k_a_d_m_i_n_/_h_p_r_o_p is used + from this keytab. The default is to fetch the key from the KDC + database. + + --RR _s_t_r_i_n_g, ----vv55--rreeaallmm==_s_t_r_i_n_g + Local realm override. + + --DD, ----ddeeccrryypptt + The encryption keys in the database can either be in clear, or + encrypted with a master key. This option thansmits the database + with unencrypted keys. + + --EE, ----eennccrryypptt + This option thansmits the database with encrypted keys. + + --nn, ----ssttddoouutt + Dump the database on stdout, in a format that can be fed to + hpropd. + + The following options are only valid if hhpprroopp is compiled with support + for Kerberos 4 (kaserver). + + --rr _s_t_r_i_n_g, ----vv44--rreeaallmm==_s_t_r_i_n_g + v4 realm to use + + --cc _c_e_l_l, ----cceellll==_c_e_l_l + The AFS cell name, used if reading a kaserver database. + + --SS, ----kkaassppeecciiaallss + Also dump the principals marked as special in the kaserver + database. + + --44, ----vv44--ddbb + Deprecated, identical to `--source=krb4-db'. + + --KK, ----kkaa--ddbb + Deprecated, identical to `--source=kaserver'. + +EEXXAAMMPPLLEESS + The following will propagate a database to another machine (which should + run hpropd(8):) + + $ hprop slave-1 slave-2 + + Copy a Kerberos 4 database to a Kerberos 5 slave: + + $ hprop --source=krb4-db -E krb5-slave + + Convert a Kerberos 4 dump-file for use with a Heimdal KDC: + + $ hprop -n --source=krb4-dump -d /var/kerberos/principal.dump -E | hpropd -n + +SSEEEE AALLSSOO + hpropd(8) + + HEIMDAL June 19, 2000 2 
diff --git a/kerberosV/src/kdc/hpropd.cat8 b/kerberosV/src/kdc/hpropd.cat8 new file mode 100644 index 00000000000..5218e6d12d5 --- /dev/null +++ b/kerberosV/src/kdc/hpropd.cat8 @@ -0,0 +1,43 @@ + +HPROPD(8) UNIX System Manager's Manual HPROPD(8) + +NNAAMMEE + hhpprrooppdd - receive a propagated database + +SSYYNNOOPPSSIISS + hhpprrooppdd [--dd _f_i_l_e | ----ddaattaabbaassee==_f_i_l_e] [--nn | ----ssttddiinn] [----pprriinntt] [--ii | + ----nnoo--iinneettdd] [--kk _k_e_y_t_a_b | ----kkeeyyttaabb==_k_e_y_t_a_b] [--44 | ----vv44dduummpp] + +DDEESSCCRRIIPPTTIIOONN + hhpprrooppdd receives databases sent by hhpprroopp. and writes it as a local + database. + + By default, hhpprrooppdd expects to be started from iinneettdd if stdin is a socket + and expects to receive the dumped database over stdin otherwise. If the + database is sent over the network, it is authenticated and encrypted. + Only connections from kadmin/hprop are accepted. + + Options supported: + + --dd _f_i_l_e, ----ddaattaabbaassee==_f_i_l_e + database + + --nn, ----ssttddiinn + read from stdin + + ----pprriinntt + print dump to stdout + + --ii, ----nnoo--iinneettdd + Not started from inetd + + --kk _k_e_y_t_a_b, ----kkeeyyttaabb==_k_e_y_t_a_b + keytab to use for authentication + + --44, ----vv44dduummpp + create v4 type DB + +SSEEEE AALLSSOO + hprop(8) + + HEIMDAL August 27, 1997 1 diff --git a/kerberosV/src/kdc/kdc.cat8 b/kerberosV/src/kdc/kdc.cat8 new file mode 100644 index 00000000000..234b76dc97b --- /dev/null +++ b/kerberosV/src/kdc/kdc.cat8 
@@ -0,0 +1,118 @@ + +KDC(8) UNIX System Manager's Manual KDC(8) + +NNAAMMEE + kkddcc - Kerberos 5 server + +SSYYNNOOPPSSIISS + kkddcc [--cc _f_i_l_e | ----ccoonnffiigg--ffiillee==_f_i_l_e] [--pp | ----nnoo--rreeqquuiirree--pprreeaauutthh] + [----mmaaxx--rreeqquueesstt==_s_i_z_e] [--HH | ----eennaabbllee--hhttttpp] [--rr _s_t_r_i_n_g | ----vv44--rreeaallmm==_s_t_r_i_n_g] + [--KK | ----nnoo--kkaasseerrvveerr] [--rr _r_e_a_l_m] [----vv44--rreeaallmm==_r_e_a_l_m] [--PP _s_t_r_i_n_g | + ----ppoorrttss==_s_t_r_i_n_g] [----aaddddrreesssseess==_l_i_s_t _o_f _a_d_d_r_e_s_s_e_s] + +DDEESSCCRRIIPPTTIIOONN + kkddcc serves requests for tickets. When it starts, it first checks the + flags passed, any options that are not specified with a command line flag + is taken from a config file, or from a default compiled-in value. + + Options supported: + + --cc _f_i_l_e + + ----ccoonnffiigg--ffiillee==_f_i_l_e + Specifies the location of the config file, the default is + _/_v_a_r_/_h_e_i_m_d_a_l_/_k_d_c_._c_o_n_f. This is the only value that can't be spec- + ified in the config file. + + --pp + + ----nnoo--rreeqquuiirree--pprreeaauutthh + Turn off the requirement for pre-autentication in the initial AS- + REQ for all principals. The use of pre-authentication makes it + more difficult to do offline password attacks. You might want to + turn it off if you have clients that doesn't do pre-authentica- + tion. Since the version 4 protocol doesn't support any pre-au- + thentication, so serving version 4 clients is just about the same + as not requiring pre-athentication. The default is to require + pre-authentication. Adding the require-preauth per principal is a + more flexible way of handling this. + + ----mmaaxx--rreeqquueesstt==_s_i_z_e + Gives an upper limit on the size of the requests that the kdc is + willing to handle. + + --HH, ----eennaabbllee--hhttttpp + Makes the kdc listen on port 80 and handle requests encapsulated + in HTTP. 
+ + --KK, ----nnoo--kkaasseerrvveerr + Disables kaserver emulation (in case it's compiled in). + + --rr _r_e_a_l_m + + ----vv44--rreeaallmm==_r_e_a_l_m + What realm this server should act as when dealing with version 4 + requests. The database can contain any number of realms, but + since the version 4 protocol doesn't contain a realm for the + server, it must be explicitly specified. The default is whatever + is returned by kkrrbb__ggeett__llrreeaallmm(). This option is only availabe if + the KDC has been compiled with version 4 support. + + --PP _s_t_r_i_n_g, ----ppoorrttss==_s_t_r_i_n_g + Specifies the set of ports the KDC should listen on. It is given + as a white-space separated list of services or port numbers. + + ----aaddddrreesssseess==_l_i_s_t _o_f _a_d_d_r_e_s_s_e_s + The list of addresses to listen for requests on. By default, the + kdc will listen on all the locally configured addresses. If only + a subset is desired, or the automatic detection fails, this op- + tion might be used. + + All activities , are logged to one or more destinations, see + krb5.conf(5), and krb5_openlog(3). The entity used for logging is kkddcc. + +CCOONNFFIIGGUURRAATTIIOONN FFIILLEE + The configuration file has the same syntax as the _k_r_b_5_._c_o_n_f file (you can + actually put the configuration in _/_e_t_c_/_k_r_b_5_._c_o_n_f, and then start the KDC + with ----ccoonnffiigg--ffiillee==_/_e_t_c_/_k_r_b_5_._c_o_n_f). All options should be in a section + called ``kdc''. All the command-line options can preferably be added in + the configuration file. The only difference is the pre-authentication + flag, that has to be specified as: + + require-preauth = no + + (in fact you can specify the option as ----rreeqquuiirree--pprreeaauutthh==nnoo). + + And there are some configuration options which do not have command-line + equivalents: + + check-ticket-addresses = _b_o_o_l_e_a_n + Check the addresses in the ticket when processing TGS re- + quests. The default is FALSE. 
+ + allow-null-ticket-addresses = _b_o_o_l_e_a_n + Permit tickets with no addresses. This option is only rele- + vant when check-ticket-addresses is TRUE. + + allow-anonymous = _b_o_o_l_e_a_n + Permit anonymous tickets with no addresses. + + encode_as_rep_as_tgs_rep = _b_o_o_l_e_a_n + Encode AS-Rep as TGS-Rep to be bug-compatible with old DCE + code. The Heimdal clients allow both. + + kdc_warn_pwexpire = _t_i_m_e + How long before password/principal expiration the KDC should + start sending out warning messages. + + An example of a config file: + + [kdc] + require-preauth = no + v4-realm = FOO.SE + key-file = /key-file + +SSEEEE AALLSSOO + kinit(1) + + HEIMDAL July 27, 1997 2 diff --git a/kerberosV/src/kdc/kdc.new.fixit b/kerberosV/src/kdc/kdc.new.fixit new file mode 100644 index 00000000000..e69de29bb2d --- /dev/null +++ b/kerberosV/src/kdc/kdc.new.fixit diff --git a/kerberosV/src/kdc/kstash.cat8 b/kerberosV/src/kdc/kstash.cat8 new file mode 100644 index 00000000000..7dd2c7a7c75 --- /dev/null +++ b/kerberosV/src/kdc/kstash.cat8 
@@ -0,0 +1,34 @@ + +KSTASH(8) UNIX System Manager's Manual KSTASH(8) + +NNAAMMEE + kkssttaasshh - store the KDC master password in a file + +SSYYNNOOPPSSIISS + kkssttaasshh [--ee _s_t_r_i_n_g | ----eennccttyyppee==_s_t_r_i_n_g] [--kk _f_i_l_e | ----kkeeyy--ffiillee==_f_i_l_e] + [----ccoonnvveerrtt--ffiillee] [----mmaasstteerr--kkeeyy--ffdd==_f_d] [--hh | ----hheellpp] [----vveerrssiioonn] + +DDEESSCCRRIIPPTTIIOONN + kkssttaasshh reads the Kerberos master key and stores it in a file that will be + used by the KDC. + + Supported options: + + --ee _s_t_r_i_n_g, ----eennccttyyppee==_s_t_r_i_n_g + the encryption type to use, defaults to DES3-CBC-SHA1 + + --kk _f_i_l_e, ----kkeeyy--ffiillee==_f_i_l_e + the name of the master key file + + ----ccoonnvveerrtt--ffiillee + don't ask for a new master key, just read an old master key file, + and writes it back in the new keyfile format + + ----mmaasstteerr--kkeeyy--ffdd==_f_d + filedescriptor to read passphrase from, if not specified the + passphrase will be read from the terminal + +SSEEEE AALLSSOO + kdc(8) + + HEIMDAL September 1, 2000 1 diff --git a/kerberosV/src/kdc/string2key.cat8 b/kerberosV/src/kdc/string2key.cat8 new file mode 100644 index 00000000000..d70e150b50b --- /dev/null +++ b/kerberosV/src/kdc/string2key.cat8 
@@ -0,0 +1,42 @@ + +STRING2KEY(8) UNIX System Manager's Manual STRING2KEY(8) + +NNAAMMEE + ssttrriinngg22kkeeyy - map a password into a key + +SSYYNNOOPPSSIISS + ssttrriinngg22kkeeyy [--55 | ----vveerrssiioonn55] [--44 | ----vveerrssiioonn44] [--aa | ----aaffss] [--cc _c_e_l_l | + ----cceellll==_c_e_l_l] [--ww _p_a_s_s_w_o_r_d | ----ppaasssswwoorrdd==_p_a_s_s_w_o_r_d] [--pp _p_r_i_n_c_i_p_a_l | + ----pprriinncciippaall==_p_r_i_n_c_i_p_a_l] [--kk _s_t_r_i_n_g | ----kkeeyyttyyppee==_s_t_r_i_n_g] _p_a_s_s_w_o_r_d + +DDEESSCCRRIIPPTTIIOONN + ssttrriinngg22kkeeyy performs the string-to-key function. This is useful when you + want to handle the raw key instead of the password. Supported options: + + --55, ----vveerrssiioonn55 + Output Kerberos v5 string-to-key + + --44, ----vveerrssiioonn44 + Output Kerberos v4 string-to-key + + --aa, ----aaffss + Output AFS string-to-key + + --cc _c_e_l_l, ----cceellll==_c_e_l_l + AFS cell to use + + --ww _p_a_s_s_w_o_r_d, ----ppaasssswwoorrdd==_p_a_s_s_w_o_r_d + Password to use + + --pp _p_r_i_n_c_i_p_a_l, ----pprriinncciippaall==_p_r_i_n_c_i_p_a_l + Kerberos v5 principal to use + + --kk _s_t_r_i_n_g, ----kkeeyyttyyppee==_s_t_r_i_n_g + Keytype + + ----vveerrssiioonn + print version + + ----hheellpp + + HEIMDAL March 4, 2000 1 diff --git a/kerberosV/src/kpasswd/kpasswd.cat1 b/kerberosV/src/kpasswd/kpasswd.cat1 new file mode 100644 index 00000000000..874fb22fd34 --- /dev/null +++ b/kerberosV/src/kpasswd/kpasswd.cat1 @@ -0,0 +1,20 @@ + +KPASSWD(1) UNIX Reference Manual KPASSWD(1) + +NNAAMMEE + kkppaasssswwdd - Kerberos 5 password changing program + +SSYYNNOOPPSSIISS + kkppaasssswwdd [_p_r_i_n_c_i_p_a_l] + +DDEESSCCRRIIPPTTIIOONN + kkppaasssswwdd is the client for changing passwords. + +DDIIAAGGNNOOSSTTIICCSS + If the password quality check fails or some other error occurs, an expla- + nation is printed. + +SSEEEE AALLSSOO + kpasswdd(8) + + HEIMDAL Aug 27, 1997 1 
diff --git a/kerberosV/src/kpasswd/kpasswd.new.fixit b/kerberosV/src/kpasswd/kpasswd.new.fixit
new file mode 100644
index 00000000000..e69de29bb2d
--- /dev/null
+++ b/kerberosV/src/kpasswd/kpasswd.new.fixit
diff --git a/kerberosV/src/kpasswd/kpasswdd.cat8 b/kerberosV/src/kpasswd/kpasswdd.cat8
new file mode 100644
index 00000000000..b7d2e8dc91f
--- /dev/null
+++ b/kerberosV/src/kpasswd/kpasswdd.cat8
@@ -0,0 +1,54 @@ + +KPASSWDD(8) UNIX System Manager's Manual KPASSWDD(8) + +NNAAMMEE + kkppaasssswwdddd - Kerberos 5 password changing server + +SSYYNNOOPPSSIISS + kkppaasssswwdddd [----cchheecckk--lliibbrraarryy==_l_i_b_r_a_r_y] [----cchheecckk--ffuunnccttiioonn==_f_u_n_c_t_i_o_n] [--kk _k_s_p_e_c + | ----kkeeyyttaabb==_k_s_p_e_c] [--rr _r_e_a_l_m | ----rreeaallmm==_r_e_a_l_m] [--pp _s_t_r_i_n_g | ----ppoorrtt==_s_t_r_i_n_g] + [----vveerrssiioonn] [----hheellpp] + +DDEESSCCRRIIPPTTIIOONN + kkppaasssswwdddd serves request for password changes. It listens on UDP port 464 + (service kpasswd) and processes requests when they arrive. It changes the + database directly and should thus only run on the master KDC. + + Supported options: + + ----cchheecckk--lliibbrraarryy==_l_i_b_r_a_r_y + If your system has support for dynamic loading of shared li- + braries, you can use an external function to check password qual- + ity. This option specifies which library to load. + + ----cchheecckk--ffuunnccttiioonn==_f_u_n_c_t_i_o_n + This is the function to call in the loaded library. The function + should look like this: + + _c_o_n_s_t _c_h_a_r _* ppaasssswwdd__cchheecckk(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t, _k_r_b_5___p_r_i_n_c_i_p_a_l + _p_r_i_n_c_i_p_a_l, _k_r_b_5___d_a_t_a _*_p_a_s_s_w_o_r_d) + + _c_o_n_t_e_x_t is an initialized context; _p_r_i_n_c_i_p_a_l is the one who tries + to change passwords, and _p_a_s_s_w_o_r_d is the new password. Note that + the password (in _p_a_s_s_w_o_r_d_-_>_d_a_t_a) is not zero terminated. + + --kk _k_s_p_e_c, ----kkeeyyttaabb==_k_s_p_e_c + keytab to get authentication key from + + --rr _r_e_a_l_m, ----rreeaallmm==_r_e_a_l_m + default realm + + --pp _s_t_r_i_n_g, ----ppoorrtt==_s_t_r_i_n_g + port to listen on (default service kpasswd - 464). + +DDIIAAGGNNOOSSTTIICCSS + If an error occurs, the error message is returned to the user and/or + logged to syslog. + +BBUUGGSS + The default password quality checks are too basic. 
+ +SSEEEE AALLSSOO + kdc(8), kpasswd(1) + + HEIMDAL April 19, 1999 1 diff --git a/kerberosV/src/kuser/kdestroy.cat1 b/kerberosV/src/kuser/kdestroy.cat1 new file mode 100644 index 00000000000..0949f9687bc --- /dev/null +++ b/kerberosV/src/kuser/kdestroy.cat1 @@ -0,0 +1,30 @@ + +KDESTROY(1) UNIX Reference Manual KDESTROY(1) + +NNAAMMEE + kkddeessttrrooyy - destroy the current ticket file + +SSYYNNOOPPSSIISS + kkddeessttrrooyy [--cc _c_a_c_h_e_f_i_l_e] [----ccaacchhee==_c_a_c_h_e_f_i_l_e] [----nnoo--uunnlloogg] [----nnoo--ddeelleettee--vv44] + [----vveerrssiioonn] [----hheellpp] + +DDEESSCCRRIIPPTTIIOONN + kkddeessttrrooyy remove the current set of tickets. + + Supported options: + + --cc _c_a_c_h_e_f_i_l_e + + --ccaacchhee==_c_a_c_h_e_f_i_l_e + The cache file to remove. + + ----nnoo--uunnlloogg + Do not remove AFS tokens. + + ----nnoo--ddeelleettee--vv44 + Do not remove v4 tickets. + +SSEEEE AALLSSOO + kinit(1), klist(1) + + HEIMDAL August 27, 1997 1 diff --git a/kerberosV/src/kuser/kgetcred.cat1 b/kerberosV/src/kuser/kgetcred.cat1 new file mode 100644 index 00000000000..63a6c983a74 --- /dev/null +++ b/kerberosV/src/kuser/kgetcred.cat1 @@ -0,0 +1,27 @@ + +KGETCRED(1) UNIX Reference Manual KGETCRED(1) + +NNAAMMEE + kkggeettccrreedd - get a ticket for a particular service + +SSYYNNOOPPSSIISS + kkggeettccrreedd [--ee _e_n_c_t_y_p_e | ----eennccttyyppee==_e_n_c_t_y_p_e] [----vveerrssiioonn] [----hheellpp] _s_e_r_v_i_c_e + +DDEESSCCRRIIPPTTIIOONN + kkggeettccrreedd obtains a ticket for a service. Usually tickets for services + are obtained automatically when needed but sometimes for some odd reason + you want to obtain a particular ticket or of a special type. + + Supported options: + + --ee _e_n_c_t_y_p_e, ----eennccttyyppee==_e_n_c_t_y_p_e + encryption type to use + + ----vveerrssiioonn + + ----hheellpp + +SSEEEE AALLSSOO + kinit(1), klist(1) + + HEIMDAL May 14, 1999 1 
diff --git a/kerberosV/src/kuser/kinit.cat1 b/kerberosV/src/kuser/kinit.cat1
new file mode 100644
index 00000000000..35073856829
--- /dev/null
+++ b/kerberosV/src/kuser/kinit.cat1
@@ -0,0 +1,119 @@ + +KINIT(1) UNIX Reference Manual KINIT(1) + +NNAAMMEE + kkiinniitt, kkaauutthh - acquire initial tickets + +SSYYNNOOPPSSIISS + kkiinniitt [--44 | ----552244iinniitt] [----aaffsslloogg] [--cc _c_a_c_h_e_n_a_m_e | ----ccaacchhee==_c_a_c_h_e_n_a_m_e] [--ff + | ----ffoorrwwaarrddaabbllee] [--tt _k_e_y_t_a_b_n_a_m_e | ----kkeeyyttaabb==_k_e_y_t_a_b_n_a_m_e] [--ll _t_i_m_e | + ----lliiffeettiimmee==_t_i_m_e] [--pp | ----pprrooxxiiaabbllee] [--RR | ----rreenneeww] [----rreenneewwaabbllee] + [--rr _t_i_m_e | ----rreenneewwaabbllee--lliiffee==_t_i_m_e] [--SS _p_r_i_n_c_i_p_a_l | + ----sseerrvveerr==_p_r_i_n_c_i_p_a_l] [--ss _t_i_m_e | ----ssttaarrtt--ttiimmee==_t_i_m_e] [--kk | + ----uussee--kkeeyyttaabb] [--vv | ----vvaalliiddaattee] [--ee _e_n_c_t_y_p_e | ----eennccttyyppeess==_e_n_c_t_y_p_e] + [----ffccaacchhee--vveerrssiioonn==_i_n_t_e_g_e_r] [----nnoo--aaddddrreesssseess] [----aannoonnyymmoouuss] + [----vveerrssiioonn] [----hheellpp] [_p_r_i_n_c_i_p_a_l [_c_o_m_m_a_n_d]] + +DDEESSCCRRIIPPTTIIOONN + kkiinniitt is used to authenticate to the kerberos server as _p_r_i_n_c_i_p_a_l, or if + none is given, a system generated default (typically your login name at + the default realm), and acquire a ticket granting ticket that can later + be used to obtain tickets for other services. + + If you have compiled kinit with Kerberos 4 support and you have a Ker- + beros 4 server, kkiinniitt will detect this and get you Kerberos 4 tickets. + + Supported options: + + --cc _c_a_c_h_e_n_a_m_e ----ccaacchhee==_c_a_c_h_e_n_a_m_e + The credentials cache to put the acquired ticket in, if other + than default. + + --ff, ----ffoorrwwaarrddaabbllee + Get ticket that can be forwarded to another host. + + --tt _k_e_y_t_a_b_n_a_m_e, ----kkeeyyttaabb==_k_e_y_t_a_b_n_a_m_e + Don't ask for a password, but instead get the key from the speci- + fied keytab. + + --ll _t_i_m_e, ----lliiffeettiimmee==_t_i_m_e + Specifies the lifetime of the ticket. 
The argument can either be + in seconds, or a more human readable string like `1h'. + + --pp, ----pprrooxxiiaabbllee + Request tickets with the proxiable flag set. + + --RR, ----rreenneeww + Try to renew ticket. The ticket must have the `renewable' flag + set, and must not be expired. + + ----rreenneewwaabbllee + The same as ----rreenneewwaabbllee--lliiffee, with an infinite time. + + --rr _t_i_m_e, ----rreenneewwaabbllee--lliiffee==_t_i_m_e + The max renewable ticket life. + + --SS _p_r_i_n_c_i_p_a_l, ----sseerrvveerr==_p_r_i_n_c_i_p_a_l + Get a ticket for a service other than krbtgt/LOCAL.REALM. + + --ss _t_i_m_e, ----ssttaarrtt--ttiimmee==_t_i_m_e + Obtain a ticket that starts to be valid _t_i_m_e (which can really be + a generic time specification, like `1h') seconds into the future. + + --kk, ----uussee--kkeeyyttaabb + The same as ----kkeeyyttaabb, but with the default keytab name (normally + + _F_I_L_E_:_/_e_t_c_/_k_r_b_5_._k_e_y_t_a_b). + + --vv, ----vvaalliiddaattee + Try to validate an invalid ticket. + + --ee, ----eennccttyyppeess==_e_n_c_t_y_p_e_s + Request tickets with this particular enctype. + + ----ffccaacchhee--vveerrssiioonn==_v_e_r_s_i_o_n + Create a credentials cache of version vveerrssiioonn. + + ----nnoo--aaddddrreesssseess + Request a ticket with no addresses. + + ----aannoonnyymmoouuss + Request an anonymous ticket (which means that the ticket will be + issued to an anonymous principal, typically ``anonymous@REALM).'' + + The following options are only available if kkiinniitt has been compiled with + support for Kerberos 4. The kkaauutthh program is identical to kkiinniitt, but has + these options enabled by default. + + --44, ----552244iinniitt + Try to convert the obtained Kerberos 5 krbtgt to a version 4 com- + patible ticket. It will store this ticket in the default Kerberos + 4 ticket file. + + ----aaffsslloogg + Gets AFS tickets, converts them to version 4 format, and stores + them in the kernel. Only useful if you have AFS. 
+ + The _f_o_r_w_a_r_d_a_b_l_e, _p_r_o_x_i_a_b_l_e, _t_i_c_k_e_t___l_i_f_e, and _r_e_n_e_w_a_b_l_e___l_i_f_e options can + be set to a default value from the appdefaults section in krb5.conf, see + krb5_appdefault(3). + + If a _c_o_m_m_a_n_d is given, kkiinniitt will setup new credentials caches, and AFS + PAG, and then run the given command. When it finishes the credentials + will be removed. + +EENNVVIIRROONNMMEENNTT + KRB5CCNAME + Specifies the default cache file. + + KRB5_CONFIG + The directory where the _k_r_b_5_._c_o_n_f can be found, default is _/_e_t_c. + + KRBTKFILE + Specifies the Kerberos 4 ticket file to store version 4 tickets + in. + +SSEEEE AALLSSOO + kdestroy(1), klist(1), krb5.conf(5), krb5_appdefault(3) + + HEIMDAL May 29, 1998 2 diff --git a/kerberosV/src/kuser/klist.cat1 b/kerberosV/src/kuser/klist.cat1 new file mode 100644 index 00000000000..20f2c33d695 --- /dev/null +++ b/kerberosV/src/kuser/klist.cat1 
@@ -0,0 +1,89 @@ + +KLIST(1) UNIX Reference Manual KLIST(1) + +NNAAMMEE + kklliisstt - list Kerberos credentials + +SSYYNNOOPPSSIISS + kklliisstt [--cc _c_a_c_h_e | ----ccaacchhee==_c_a_c_h_e] [--ss | --tt | ----tteesstt] [--44 | ----vv44] [--TT | + ----ttookkeennss] [--55 | ----vv55] [--vv | ----vveerrbboossee] [--ff] [----vveerrssiioonn] [----hheellpp] + +DDEESSCCRRIIPPTTIIOONN + kklliisstt reads and displays the current tickets in the crential cache (also + known as the ticket file). + + Options supported: + + --cc _c_a_c_h_e, ----ccaacchhee==_c_a_c_h_e + credentials cache to list + + --ss, --tt, ----tteesstt + Test for there being an active and valid TGT for the local realm + of the user in the credential cache. + + --44, ----vv44 + display v4 tickets + + --TT, ----ttookkeennss + display AFS tokens + + --55, ----vv55 + display v5 cred cache (this is the default) + + --ff Include ticket flags in short form, each charcted stands for a + specific flag, as follows: + F forwardable + f forwarded + P proxiable + p proxied + D postdate-able + d postdated + R renewable + I initial + i invalid + A pre-authenticated + H hardware authenticated + + This information is also output with the ----vveerrbboossee option, but in + a more verbose way. + + --vv, ----vveerrbboossee + Verbose output. 
Include all possible information: + + Server + the princial the ticket is for + + Ticket etype + the encryption type use in the ticket, followed by + the key version of the ticket, if it is available + + Session key + the encryption type of the session key, if it's dif- + ferent from the encryption type of the ticket + + Auth time + + the time the authentication exchange took place + + Start time + the time that this tickets is valid from (only print- + ed if it's different from the auth time) + + End time + when the ticket expires, if it has already expired + this is also noted + + Renew till + the maximum possible end time of any ticket derived + from this one + + Ticket flags + the flags set on the ticket + + Addresses + the set of addresses from which this ticket is valid + +SSEEEE AALLSSOO + kinit(1), kdestroy(1) + + HEIMDAL July 8, 2000 2 diff --git a/kerberosV/src/kuser/kuser.new.fixit b/kerberosV/src/kuser/kuser.new.fixit new file mode 100644 index 00000000000..e69de29bb2d --- /dev/null +++ b/kerberosV/src/kuser/kuser.new.fixit diff --git a/kerberosV/src/lib/45/45.new.fixit b/kerberosV/src/lib/45/45.new.fixit new file mode 100644 index 00000000000..e69de29bb2d --- /dev/null +++ b/kerberosV/src/lib/45/45.new.fixit diff --git a/kerberosV/src/lib/asn1/asn1.new.fixit b/kerberosV/src/lib/asn1/asn1.new.fixit new file mode 100644 index 00000000000..e69de29bb2d --- /dev/null +++ b/kerberosV/src/lib/asn1/asn1.new.fixit diff --git a/kerberosV/src/lib/auth/afskauthlib/afskauthlib.new.fixit b/kerberosV/src/lib/auth/afskauthlib/afskauthlib.new.fixit new file mode 100644 index 00000000000..e69de29bb2d --- /dev/null +++ b/kerberosV/src/lib/auth/afskauthlib/afskauthlib.new.fixit diff --git a/kerberosV/src/lib/auth/auth.new.fixit b/kerberosV/src/lib/auth/auth.new.fixit new file mode 100644 index 00000000000..e69de29bb2d --- /dev/null +++ b/kerberosV/src/lib/auth/auth.new.fixit 
diff --git a/kerberosV/src/lib/auth/pam/pam.new.fixit b/kerberosV/src/lib/auth/pam/pam.new.fixit new file mode 100644 index 00000000000..e69de29bb2d --- /dev/null +++ b/kerberosV/src/lib/auth/pam/pam.new.fixit diff --git a/kerberosV/src/lib/auth/sia/sia.new.fixit b/kerberosV/src/lib/auth/sia/sia.new.fixit new file mode 100644 index 00000000000..e69de29bb2d --- /dev/null +++ b/kerberosV/src/lib/auth/sia/sia.new.fixit diff --git a/kerberosV/src/lib/com_err/com_err.new.fixit b/kerberosV/src/lib/com_err/com_err.new.fixit new file mode 100644 index 00000000000..e69de29bb2d --- /dev/null +++ b/kerberosV/src/lib/com_err/com_err.new.fixit diff --git a/kerberosV/src/lib/des/asm/asm.new.fixit b/kerberosV/src/lib/des/asm/asm.new.fixit new file mode 100644 index 00000000000..e69de29bb2d --- /dev/null +++ b/kerberosV/src/lib/des/asm/asm.new.fixit diff --git a/kerberosV/src/lib/des/des.new.fixit b/kerberosV/src/lib/des/des.new.fixit new file mode 100644 index 00000000000..e69de29bb2d --- /dev/null +++ b/kerberosV/src/lib/des/des.new.fixit diff --git a/kerberosV/src/lib/des/t/t.new.fixit b/kerberosV/src/lib/des/t/t.new.fixit new file mode 100644 index 00000000000..e69de29bb2d --- /dev/null +++ b/kerberosV/src/lib/des/t/t.new.fixit diff --git a/kerberosV/src/lib/editline/editline.cat3 b/kerberosV/src/lib/editline/editline.cat3 new file mode 100644 index 00000000000..6e7e63ede19 --- /dev/null +++ b/kerberosV/src/lib/editline/editline.cat3 
@@ -0,0 +1,198 @@ + + + +EDITLINE(3) EDITLINE(3) + + + +NAME + editline - command-line editing library with history + +SYNOPSIS + cchhaarr ** + rreeaaddlliinnee((pprroommpptt)) + cchhaarr **pprroommpptt;; + + vvooiidd + aadddd__hhiissttoorryy((lliinnee)) + cchhaarr **lliinnee;; + +DESCRIPTION + _E_d_i_t_l_i_n_e is a library that provides an line-editing interface with text + recall. It is intended to be compatible with the _r_e_a_d_l_i_n_e library provided + by the Free Software Foundation, but much smaller. The bulk of this manual + page describes the user interface. + + The _r_e_a_d_l_i_n_e routine returns a line of text with the trailing newline + removed. The data is returned in a buffer allocated with _m_a_l_l_o_c(3), so the + space should be released with _f_r_e_e(3) when the calling program is done with + it. Before accepting input from the user, the specified _p_r_o_m_p_t is dis- + played on the terminal. + + The _a_d_d___h_i_s_t_o_r_y routine makes a copy of the specified _l_i_n_e and adds it to + the internal history list. + + User Interface + + A program that uses this library provides a simple emacs-like editing + interface to its users. A line may be edited before it is sent to the + calling program by typing either control characters or escape sequences. A + control character, shown as a caret followed by a letter, is typed by hold- + ing down the ``control'' key while the letter is typed. For example, + ``^A'' is a control-A. An escape sequence is entered by typing the + ``escape'' key followed by one or more characters. The escape key is + abbreviated as ``ESC.'' Note that unlike control keys, case matters in + escape sequences; ``ESC F'' is not the same as ``ESC f''. + + An editing command may be typed anywhere on the line, not just at the + beginning. In addition, a return may also be typed anywhere on the line, + not just at the end. + + Most editing commands may be given a repeat count, _n, where _n is a number. 
+ To enter a repeat count, type the escape key, the number, and then the com- + mand to execute. For example, ``ESC 4 ^f'' moves forward four characters. + If a command may be given a repeat count then the text ``[n]'' is given at + the end of its description. + + The following control characters are accepted: + ^A Move to the beginning of the line + ^B Move left (backwards) [n] + ^D Delete character [n] + ^E Move to end of line + ^F Move right (forwards) [n] + ^G Ring the bell + ^H Delete character before cursor (backspace key) [n] + ^I Complete filename (tab key); see below + ^J Done with line (return key) + ^K Kill to end of line (or column [n]) + ^L Redisplay line + ^M Done with line (alternate return key) + ^N Get next line from history [n] + ^P Get previous line from history [n] + ^R Search backward (forward if [n]) through history for text; + must start line if text begins with an uparrow + ^T Transpose characters + ^V Insert next character, even if it is an edit command + ^W Wipe to the mark + ^X^X Exchange current location and mark + ^Y Yank back last killed text + ^[ Start an escape sequence (escape key) + ^]c Move forward to next character ``c'' + ^? Delete character before cursor (delete key) [n] + + The following escape sequences are provided. + ESC ^H Delete previous word (backspace key) [n] + ESC DEL Delete previous word (delete key) [n] + ESC SP Set the mark (space key); see ^X^X and ^Y above + ESC . Get the last (or [n]'th) word from previous line + ESC ? 
Show possible completions; see below + ESC < Move to start of history + ESC > Move to end of history + ESC b Move backward a word [n] + ESC d Delete word under cursor [n] + ESC f Move forward a word [n] + ESC l Make word lowercase [n] + ESC u Make word uppercase [n] + ESC y Yank back last killed text + ESC v Show library version + ESC w Make area up to mark yankable + ESC nn Set repeat count to the number nn + ESC C Read from environment variable ``_C_'', where C is + an uppercase letter + + The _e_d_i_t_l_i_n_e library has a small macro facility. If you type the escape + key followed by an uppercase letter, _C, then the contents of the environ- + ment variable ___C__ are read in as if you had typed them at the keyboard. + For example, if the variable ___L__ contains the following: + ^A^Kecho '^V^[[H^V^[[2J'^M + Then typing ``ESC L'' will move to the beginning of the line, kill the + entire line, enter the echo command needed to clear the terminal (if your + terminal is like a VT-100), and send the line back to the shell. + + The _e_d_i_t_l_i_n_e library also does filename completion. Suppose the root + directory has the following files in it: + bin vmunix + core vmunix.old + If you type ``rm /v'' and then the tab key. _E_d_i_t_l_i_n_e will then finish off + as much of the name as possible by adding ``munix''. Because the name is + not unique, it will then beep. If you type the escape key and a question + mark, it will display the two choices. If you then type a period and a + tab, the library will finish off the filename for you: + rm /v[TAB]_m_u_n_i_x.TAB_o_l_d + The tab key is shown by ``[TAB]'' and the automatically-entered text is + shown in italics. + + + +BUGS AND LIMITATIONS + Cannot handle lines more than 80 columns. + + + + +AUTHORS + Simmule R. Turner <uunet.uu.net!capitol!sysgo!simmy> and Rich $alz + <rsalz@osf.org>. Original manual page by DaviD W. Sanderson + <dws@ssec.wisc.edu>. 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/kerberosV/src/lib/editline/editline.new.fixit b/kerberosV/src/lib/editline/editline.new.fixit new file mode 100644 index 00000000000..e69de29bb2d --- /dev/null +++ b/kerberosV/src/lib/editline/editline.new.fixit diff --git a/kerberosV/src/lib/gssapi/gssapi.new.fixit b/kerberosV/src/lib/gssapi/gssapi.new.fixit new file mode 100644 index 00000000000..e69de29bb2d --- /dev/null +++ b/kerberosV/src/lib/gssapi/gssapi.new.fixit diff --git a/kerberosV/src/lib/hdb/hdb.new.fixit b/kerberosV/src/lib/hdb/hdb.new.fixit new file mode 100644 index 00000000000..e69de29bb2d --- /dev/null +++ b/kerberosV/src/lib/hdb/hdb.new.fixit diff --git a/kerberosV/src/lib/kadm5/kadm5.new.fixit b/kerberosV/src/lib/kadm5/kadm5.new.fixit new file mode 100644 index 00000000000..e69de29bb2d --- /dev/null +++ b/kerberosV/src/lib/kadm5/kadm5.new.fixit diff --git a/kerberosV/src/lib/kafs/kafs.cat3 b/kerberosV/src/lib/kafs/kafs.cat3 new file mode 100644 index 00000000000..78f5bd531ab --- /dev/null +++ b/kerberosV/src/lib/kafs/kafs.cat3 
@@ -0,0 +1,95 @@ + +KAFS(3) UNIX Programmer's Manual KAFS(3) + +NNAAMMEE + kk__hhaassaaffss, kk__ppiiooccttll, kk__uunnlloogg, kk__sseettppaagg, kk__aaffss__cceellll__ooff__ffiillee, kkrrbb__aaffsslloogg, + kkrrbb__aaffsslloogg__uuiidd - AFS library + +SSYYNNOOPPSSIISS + ##iinncclluuddee <<kkaaffss..hh>> + + _i_n_t + kk__aaffss__cceellll__ooff__ffiillee(_c_o_n_s_t _c_h_a_r _*_p_a_t_h, _c_h_a_r _*_c_e_l_l, _i_n_t _l_e_n) + + _i_n_t + kk__hhaassaaffss() + + _i_n_t + kk__ppiiooccttll(_c_h_a_r _*_a___p_a_t_h, _i_n_t _o___o_p_c_o_d_e, _s_t_r_u_c_t _V_i_c_e_I_o_c_t_l _*_a___p_a_r_a_m_s_P, + _i_n_t _a___f_o_l_l_o_w_S_y_m_l_i_n_k_s) + + _i_n_t + kk__sseettppaagg() + + _i_n_t + kk__uunnlloogg() + + _i_n_t + kkrrbb__aaffsslloogg(_c_h_a_r _*_c_e_l_l, _c_h_a_r _*_r_e_a_l_m) + + _i_n_t + kkrrbb__aaffsslloogg__uuiidd(_c_h_a_r _*_c_e_l_l, _c_h_a_r _*_r_e_a_l_m, _u_i_d___t _u_i_d) + +DDEESSCCRRIIPPTTIIOONN + kk__hhaassaaffss() initializes some library internal structures, and tests for + the presense of AFS in the kernel, none of the other functions should be + called before kk__hhaassaaffss() is called, or if it fails. + + kkrrbb__aaffsslloogg(), and kkrrbb__aaffsslloogg__uuiidd() obtains new tokens (and possibly tick- + ets) for the specified _c_e_l_l and _r_e_a_l_m. If _c_e_l_l is NULL, the local cell is + used. If _r_e_a_l_m is NULL, the function tries to guess what realm to use. + Unless you have some good knowledge of what cell or realm to use, you + should pass NULL. kkrrbb__aaffsslloogg() will use the real user-id for the ViceId + field in the token, kkrrbb__aaffsslloogg__uuiidd() will use _u_i_d. + + kk__aaffss__cceellll__ooff__ffiillee() will in _c_e_l_l return the cell of a specified file, no + more than _l_e_n characters is put in _c_e_l_l. + + kk__ppiiooccttll() does a ppiiooccttll() syscall with the specified arguments. This + function is equivalent to llppiiooccttll(). + + kk__sseettppaagg() initializes a new PAG. 
+ + kk__uunnlloogg() removes destroys all tokens in the current PAG. + +EENNVVIIRROONNMMEENNTT + The following environment variable affect the mode of operation of kkaaffss: + + AFS_SYSCALL Normally, kkaaffss will try to figure out the correct system + call(s) that are used by AFS by itself. If it does not man- + age to do that, or does it incorrectly, you can set this + variable to the system call number or list of system call + numbers that should be used. + +RREETTUURRNN VVAALLUUEESS + kk__hhaassaaffss() returns 1 if AFS is present in the kernel, 0 otherwise. + kkrrbb__aaffsslloogg() and kkrrbb__aaffsslloogg__uuiidd() returns 0 on success, or a kerberos er- + ror number on failure. kk__aaffss__cceellll__ooff__ffiillee(), kk__ppiiooccttll(), kk__sseettppaagg(), and + kk__uunnlloogg() all return the value of the underlaying system call, 0 on suc- + cess. + +EEXXAAMMPPLLEESS + The following code from llooggiinn will obtain a new PAG and tokens for the + local cell and the cell of the users home directory. + + if (k_hasafs()) { + char cell[64]; + k_setpag(); + if(k_afs_cell_of_file(pwd->pw_dir, cell, sizeof(cell)) == 0) + krb_afslog(cell, NULL); + krb_afslog(NULL, NULL); + } + +EERRRROORRSS + If any of these functions (appart from kk__hhaassaaffss()) is called without AFS + beeing present in the kernel, the process will usually (depending on the + operating system) receive a SIGSYS signal. + +SSEEEE AALLSSOO + Transarc Corporation, "File Server/Cache Manager Interface", _A_F_S_-_3 + _P_r_o_g_r_a_m_m_e_r_'_s _R_e_f_e_r_e_n_c_e, 1991. + +BBUUGGSS + AFS_SYSCALL has no effect under AIX. + + KTH-KRB May 7, 1997 2 diff --git a/kerberosV/src/lib/kafs/kafs.new.fixit b/kerberosV/src/lib/kafs/kafs.new.fixit new file mode 100644 index 00000000000..e69de29bb2d --- /dev/null +++ b/kerberosV/src/lib/kafs/kafs.new.fixit diff --git a/kerberosV/src/lib/kafs/roken_rename.h b/kerberosV/src/lib/kafs/roken_rename.h new file mode 100644 index 00000000000..5a6dd41c241 --- /dev/null 
+++ b/kerberosV/src/lib/kafs/roken_rename.h 
@@ -0,0 +1,50 @@ +/* + * Copyright (c) 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* $KTH: roken_rename.h,v 1.1 2001/02/12 22:01:27 assar Exp $ */ + +#ifndef __roken_rename_h__ +#define __roken_rename_h__ + +/* + * Libroken routines that are added libkafs + */ + +#define _resolve_debug _roken_resolve_debug + +#define dns_free_data _kafs_dns_free_data +#define dns_lookup _kafs_dns_lookup +#define dns_string_to_type _kafs_dns_string_to_type +#define dns_type_to_string _kafs_dns_type_to_string + +#endif /* __roken_rename_h__ */ diff --git a/kerberosV/src/lib/kdfs/kdfs.new.fixit b/kerberosV/src/lib/kdfs/kdfs.new.fixit new file mode 100644 index 00000000000..e69de29bb2d --- /dev/null +++ b/kerberosV/src/lib/kdfs/kdfs.new.fixit diff --git a/kerberosV/src/lib/krb5/derived-key-test.c b/kerberosV/src/lib/krb5/derived-key-test.c new file mode 100644 index 00000000000..7aaf0f6f24f --- /dev/null +++ b/kerberosV/src/lib/krb5/derived-key-test.c 
@@ -0,0 +1,119 @@
+/*
+ * Copyright (c) 2001 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ * used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#include "krb5_locl.h"
+
+RCSID("$KTH: derived-key-test.c,v 1.1 2001/03/12 07:44:52 assar Exp $");
+
+enum { MAXSIZE = 24 };
+
+static struct testcase {
+ krb5_enctype enctype;
+ unsigned char constant[MAXSIZE];
+ size_t constant_len;
+ unsigned char key[MAXSIZE];
+ unsigned char res[MAXSIZE];
+} tests[] = {
+ {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0x55}, 5,
+ {0xdc, 0xe0, 0x6b, 0x1f, 0x64, 0xc8, 0x57, 0xa1, 0x1c, 0x3d, 0xb5, 0x7c, 0x51, 0x89, 0x9b, 0x2c, 0xc1, 0x79, 0x10, 0x08, 0xce, 0x97, 0x3b, 0x92},
+ {0x92, 0x51, 0x79, 0xd0, 0x45, 0x91, 0xa7, 0x9b, 0x5d, 0x31, 0x92, 0xc4, 0xa7, 0xe9, 0xc2, 0x89, 0xb0, 0x49, 0xc7, 0x1f, 0x6e, 0xe6, 0x04, 0xcd}},
+ {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0xaa}, 5,
+ {0x5e, 0x13, 0xd3, 0x1c, 0x70, 0xef, 0x76, 0x57, 0x46, 0x57, 0x85, 0x31, 0xcb, 0x51, 0xc1, 0x5b, 0xf1, 0x1c, 0xa8, 0x2c, 0x97, 0xce, 0xe9, 0xf2},
+ {0x9e, 0x58, 0xe5, 0xa1, 0x46, 0xd9, 0x94, 0x2a, 0x10, 0x1c, 0x46, 0x98, 0x45, 0xd6, 0x7a, 0x20, 0xe3, 0xc4, 0x25, 0x9e, 0xd9, 0x13, 0xf2, 0x07}},
+ {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0x55}, 5,
+ {0x98, 0xe6, 0xfd, 0x8a, 0x04, 0xa4, 0xb6, 0x85, 0x9b, 0x75, 0xa1, 0x76, 0x54, 0x0b, 0x97, 0x52, 0xba, 0xd3, 0xec, 0xd6, 0x10, 0xa2, 0x52, 0xbc},
+ {0x13, 0xfe, 0xf8, 0x0d, 0x76, 0x3e, 0x94, 0xec, 0x6d, 0x13, 0xfd, 0x2c, 0xa1, 0xd0, 0x85, 0x07, 0x02, 0x49, 0xda, 0xd3, 0x98, 0x08, 0xea, 0xbf}},
+ {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0xaa}, 5,
+ {0x62, 0x2a, 0xec, 0x25, 0xa2, 0xfe, 0x2c, 0xad, 0x70, 0x94, 0x68, 0x0b, 0x7c, 0x64, 0x94, 0x02, 0x80, 0x08, 0x4c, 0x1a, 0x7c, 0xec, 0x92, 0xb5},
+ {0xf8, 0xdf, 0xbf, 0x04, 0xb0, 0x97, 0xe6, 0xd9, 0xdc, 0x07, 0x02, 0x68, 0x6b, 0xcb, 0x34, 0x89, 0xd9, 0x1f, 0xd9, 0xa4, 0x51, 0x6b, 0x70, 0x3e}},
+ {ETYPE_DES3_CBC_SHA1, {0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73}, 8,
+ {0xd3, 0xf8, 0x29, 0x8c, 0xcb, 0x16, 0x64, 0x38, 0xdc, 0xb9, 0xb9, 0x3e, 0xe5, 0xa7, 0x62, 0x92, 0x86, 0xa4, 0x91, 0xf8, 0x38, 0xf8, 0x02, 0xfb},
+ {0x23, 0x70, 0xda, 0x57, 0x5d, 0x2a, 0x3d, 0xa8, 0x64, 0xce, 0xbf, 0xdc, 0x52, 0x04, 0xd5, 0x6d, 0xf7, 0x79, 0xa7, 0xdf, 0x43, 0xd9, 0xda, 0x43}},
+ {ETYPE_DES3_CBC_SHA1, {0x63, 0x6f, 0x6d, 0x62, 0x69, 0x6e, 0x65}, 7,
+ {0xb5, 0x5e, 0x98, 0x34, 0x67, 0xe5, 0x51, 0xb3, 0xe5, 0xd0, 0xe5, 0xb6, 0xc8, 0x0d, 0x45, 0x76, 0x94, 0x23, 0xa8, 0x73, 0xdc, 0x62, 0xb3, 0x0e},
+ {0x01, 0x26, 0x38, 0x8a, 0xad, 0xc8, 0x1a, 0x1f, 0x2a, 0x62, 0xbc, 0x45, 0xf8, 0xd5, 0xc1, 0x91, 0x51, 0xba, 0xcd, 0xd5, 0xcb, 0x79, 0x8a, 0x3e}},
+ {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0x55}, 5,
+ {0xc1, 0x08, 0x16, 0x49, 0xad, 0xa7, 0x43, 0x62, 0xe6, 0xa1, 0x45, 0x9d, 0x01, 0xdf, 0xd3, 0x0d, 0x67, 0xc2, 0x23, 0x4c, 0x94, 0x07, 0x04, 0xda},
+ {0x34, 0x80, 0x57, 0xec, 0x98, 0xfd, 0xc4, 0x80, 0x16, 0x16, 0x1c, 0x2a, 0x4c, 0x7a, 0x94, 0x3e, 0x92, 0xae, 0x49, 0x2c, 0x98, 0x91, 0x75, 0xf7}},
+ {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0xaa}, 5,
+ {0x5d, 0x15, 0x4a, 0xf2, 0x38, 0xf4, 0x67, 0x13, 0x15, 0x57, 0x19, 0xd5, 0x5e, 0x2f, 0x1f, 0x79, 0x0d, 0xd6, 0x61, 0xf2, 0x79, 0xa7, 0x91, 0x7c},
+ {0xa8, 0x80, 0x8a, 0xc2, 0x67, 0xda, 0xda, 0x3d, 0xcb, 0xe9, 0xa7, 0xc8, 0x46, 0x26, 0xfb, 0xc7, 0x61, 0xc2, 0x94, 0xb0, 0x13, 0x15, 0xe5, 0xc1}},
+ {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0x55}, 5,
+ {0x79, 0x85, 0x62, 0xe0, 0x49, 0x85, 0x2f, 0x57, 0xdc, 0x8c, 0x34, 0x3b, 0xa1, 0x7f, 0x2c, 0xa1, 0xd9, 0x73, 0x94, 0xef, 0xc8, 0xad, 0xc4, 0x43},
+ {0xc8, 0x13, 0xf8, 0x8a, 0x3b, 0xe3, 0xb3, 0x34, 0xf7, 0x54, 0x25, 0xce, 0x91, 0x75, 0xfb, 0xe3, 0xc8, 0x49, 0x3b, 0x89, 0xc8, 0x70, 0x3b, 0x49}},
+ {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0xaa}, 5,
+ {0x26, 0xdc, 0xe3, 0x34, 0xb5, 0x45, 0x29, 0x2f, 0x2f, 0xea, 0xb9, 0xa8, 0x70, 0x1a, 0x89, 0xa4, 0xb9, 0x9e, 0xb9, 0x94, 0x2c, 0xec, 0xd0, 0x16},
+ {0xf4, 0x8f, 0xfd, 0x6e, 0x83, 0xf8, 0x3e, 0x73, 0x54, 0xe6, 0x94, 0xfd, 0x25, 0x2c, 0xf8, 0x3b, 0xfe, 0x58, 0xf7, 0xd5, 0xba, 0x37, 0xec, 0x5d}},
+ {0}
+};
+
+int
+main(int argc, char **argv)
+{
+ struct testcase *t;
+ krb5_context context;
+ krb5_error_code ret;
+ int val = 0;
+
+ ret = krb5_init_context (&context);
+ if (ret)
+ errx (1, "krb5_init_context failed: %d", ret);
+
+ for (t = tests; t->enctype != 0; ++t) {
+ krb5_keyblock key;
+ krb5_keyblock *dkey;
+
+ key.keytype = KEYTYPE_DES3;
+ key.keyvalue.length = MAXSIZE;
+ key.keyvalue.data = t->key;
+
+ ret = krb5_derive_key(context, &key, t->enctype, t->constant,
+ t->constant_len, &dkey);
+ if (ret)
+ krb5_err (context, 1, ret, "krb5_derive_key");
+ if (memcmp (dkey->keyvalue.data, t->res, dkey->keyvalue.length) != 0) {
+ const unsigned char *p = dkey->keyvalue.data;
+ int i;
+
+ printf ("derive_key failed\n");
+ printf ("should be: ");
+ for (i = 0; i < dkey->keyvalue.length; ++i)
+ printf ("%02x", t->res[i]);
+ printf ("\nresult was: ");
+ for (i = 0; i < dkey->keyvalue.length; ++i)
+ printf ("%02x", p[i]);
+ printf ("\n");
+ val = 1;
+ }
+ }
+ return val;
+}
diff --git a/kerberosV/src/lib/krb5/error_string.c b/kerberosV/src/lib/krb5/error_string.c
new file mode 100644
index 00000000000..e381ed2c6b6
--- /dev/null
+++ b/kerberosV/src/lib/krb5/error_string.c
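Review bot: The comparison in `main` uses `dkey->keyvalue.length` as the byte count for both `memcmp` and the two print loops, but `t->res` is a fixed `MAXSIZE`-byte array, so a derived key longer than 24 bytes would read past the expected-value buffer and a shorter one would pass on a matching prefix. Checking the length first closes both gaps: `if (dkey->keyvalue.length != MAXSIZE || memcmp (dkey->keyvalue.data, t->res, MAXSIZE) != 0) {`, with the "should be" loop bounded by `MAXSIZE`. The derived keyblock is also never released inside the loop; assuming the library's usual `krb5_free_keyblock(context, dkey)` applies here, calling it at the end of each iteration keeps derived key material from accumulating in the test process.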
@@ -0,0 +1,95 @@
+/*
+ * Copyright (c) 2001 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$KTH: error_string.c,v 1.1 2001/05/06 23:07:22 assar Exp $");
+
+#undef __attribute__
+#define __attribute__(X)
+
+void
+krb5_free_error_string(krb5_context context, char *str)
+{
+ if (str != context->error_buf)
+ free(str);
+}
+
+void
+krb5_clear_error_string(krb5_context context)
+{
+ if (context->error_string != NULL
+ && context->error_string != context->error_buf)
+ free(context->error_string);
+ context->error_string = NULL;
+}
+
+krb5_error_code
+krb5_set_error_string(krb5_context context, const char *fmt, ...)
+ __attribute__((format (printf, 2, 3)))
+{
+ krb5_error_code ret;
+ va_list ap;
+
+ va_start(ap, fmt);
+ ret = krb5_vset_error_string (context, fmt, ap);
+ va_end(ap);
+ return ret;
+}
+
+krb5_error_code
+krb5_vset_error_string(krb5_context context, const char *fmt, va_list args)
+ __attribute__ ((format (printf, 2, 0)))
+{
+ krb5_clear_error_string(context);
+ vasprintf(&context->error_string, fmt, args);
+ if(context->error_string == NULL) {
+ vsnprintf (context->error_buf, sizeof(context->error_buf), fmt, args);
+ context->error_string = context->error_buf;
+ }
+ return 0;
+}
+
+char*
+krb5_get_error_string(krb5_context context)
+{
+ char *ret = context->error_string;
+ context->error_string = NULL;
+ return ret;
+}
+
+krb5_boolean
+krb5_have_error_string(krb5_context context)
+{
+ return context->error_string != NULL;
+}
diff --git a/kerberosV/src/lib/krb5/keytab_any.c b/kerberosV/src/lib/krb5/keytab_any.c
new file mode 100644
index 00000000000..784f3fe5798
--- /dev/null
+++ b/kerberosV/src/lib/krb5/keytab_any.c
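Review bot: `krb5_vset_error_string` hands `args` to `vsnprintf` after `vasprintf` has already consumed it, and it ignores `vasprintf`'s return value. Reusing a `va_list` that another function has walked is undefined, so the fallback meant for memory pressure can format the wrong arguments into `error_buf`; and where a failed `vasprintf` leaves the pointer unspecified, the `== NULL` test does not reliably select the fallback. The rewrite below copies the argument list before the first call and keys the fallback on the return value; it assumes `va_copy` (or the platform's `__va_copy`) is available. Separately, `krb5_get_error_string` deserves a comment saying the caller takes ownership and must release the result with `krb5_free_error_string` rather than `free`, because the string may be the context's own `error_buf`.

```c
krb5_error_code
krb5_vset_error_string(krb5_context context, const char *fmt, va_list args)
/* … unchanged: __attribute__ format annotation … */
{
    va_list args2;

    krb5_clear_error_string(context);
    va_copy(args2, args);	/* args is indeterminate once vasprintf returns */
    if (vasprintf(&context->error_string, fmt, args) < 0)
	context->error_string = NULL;
    if (context->error_string == NULL) {
	vsnprintf (context->error_buf, sizeof(context->error_buf), fmt, args2);
	context->error_string = context->error_buf;
    }
    va_end(args2);
    return 0;
}
```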
@@ -0,0 +1,210 @@
+/*
+ * Copyright (c) 2001 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$KTH: keytab_any.c,v 1.2 2001/05/14 06:14:48 assar Exp $");
+
+struct any_data {
+ krb5_keytab kt;
+ char *name;
+ struct any_data *next;
+};
+
+static void
+free_list (struct any_data *a)
+{
+ struct any_data *next;
+
+ for (; a != NULL; a = next) {
+ next = a->next;
+ free (a->name);
+ free (a);
+ }
+}
+
+static krb5_error_code
+any_resolve(krb5_context context, const char *name, krb5_keytab id)
+{
+ struct any_data *a, *a0 = NULL, *prev = NULL;
+ krb5_error_code ret;
+ char buf[256];
+
+ while (strsep_copy(&name, ",", buf, sizeof(buf)) != -1) {
+ a = malloc(sizeof(*a));
+ if (a == NULL) {
+ ret = ENOMEM;
+ goto fail;
+ }
+ if (a0 == NULL) {
+ a0 = a;
+ a->name = strdup(name);
+ if (a->name == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
+ ret = ENOMEM;
+ goto fail;
+ }
+ } else
+ a->name = NULL;
+ if (prev != NULL)
+ prev->next = a;
+ a->next = NULL;
+ ret = krb5_kt_resolve (context, buf, &a->kt);
+ if (ret)
+ goto fail;
+ prev = a;
+ }
+ if (a0 == NULL) {
+ krb5_set_error_string(context, "empty ANY: keytab");
+ return ENOENT;
+ }
+ id->data = a0;
+ return 0;
+ fail:
+ free_list (a0);
+ return ret;
+}
+
+static krb5_error_code
+any_get_name (krb5_context context,
+ krb5_keytab id,
+ char *name,
+ size_t namesize)
+{
+ struct any_data *a = id->data;
+ strlcpy(name, a->name, namesize);
+ return 0;
+}
+
+static krb5_error_code
+any_close (krb5_context context,
+ krb5_keytab id)
+{
+ struct any_data *a = id->data;
+
+ free_list (a);
+ return 0;
+}
+
+struct any_cursor_extra_data {
+ struct any_data *a;
+ krb5_kt_cursor cursor;
+};
+
+static krb5_error_code
+any_start_seq_get(krb5_context context,
+ krb5_keytab id,
+ krb5_kt_cursor *c)
+{
+ struct any_data *a = id->data;
+ struct any_cursor_extra_data *ed;
+ krb5_error_code ret;
+
+ c->data = malloc (sizeof(struct any_cursor_extra_data));
+ if(c->data == NULL){
+ krb5_set_error_string (context, "malloc: out of memory");
+ return ENOMEM;
+ }
+ ed = (struct any_cursor_extra_data *)c->data;
+ ed->a = a;
+ ret = krb5_kt_start_seq_get(context, ed->a->kt, &ed->cursor);
+ if (ret) {
+ free (ed);
+ free (c->data);
+ c->data = NULL;
+ krb5_set_error_string (context, "malloc: out of memory");
+ return ENOMEM;
+ }
+ return 0;
+}
+
+static krb5_error_code
+any_next_entry (krb5_context context,
+ krb5_keytab id,
+ krb5_keytab_entry *entry,
+ krb5_kt_cursor *cursor)
+{
+ krb5_error_code ret, ret2;
+ struct any_cursor_extra_data *ed;
+
+ ed = (struct any_cursor_extra_data *)cursor->data;
+ do {
+ ret = krb5_kt_next_entry(context, ed->a->kt, entry, &ed->cursor);
+ if (ret == 0)
+ return 0;
+ else if (ret == KRB5_CC_END) {
+ ret2 = krb5_kt_end_seq_get (context, ed->a->kt, &ed->cursor);
+ if (ret2)
+ return ret2;
+ ed->a = ed->a->next;
+ if (ed->a == NULL) {
+ krb5_clear_error_string (context);
+ return KRB5_CC_END;
+ }
+ ret2 = krb5_kt_start_seq_get(context, ed->a->kt, &ed->cursor);
+ if (ret2)
+ return ret2;
+ } else
+ return ret;
+ } while (ret == KRB5_CC_END);
+ return ret;
+}
+
+static krb5_error_code
+any_end_seq_get(krb5_context context,
+ krb5_keytab id,
+ krb5_kt_cursor *cursor)
+{
+ krb5_error_code ret = 0;
+ struct any_cursor_extra_data *ed;
+
+ ed = (struct any_cursor_extra_data *)cursor->data;
+ if (ed->a != NULL)
+ ret = krb5_kt_end_seq_get(context, ed->a->kt, &ed->cursor);
+ free (ed);
+ cursor->data = NULL;
+ return ret;
+}
+
+const krb5_kt_ops krb5_any_ops = {
+ "ANY",
+ any_resolve,
+ any_get_name,
+ any_close,
+ NULL, /* get */
+ any_start_seq_get,
+ any_next_entry,
+ any_end_seq_get,
+ NULL, /* add_entry */
+ NULL /* remote_entry */
+};
diff --git a/kerberosV/src/lib/krb5/krb5.new.fixit b/kerberosV/src/lib/krb5/krb5.new.fixit
new file mode 100644
index 00000000000..e69de29bb2d
--- /dev/null
+++ b/kerberosV/src/lib/krb5/krb5.new.fixit
diff --git a/kerberosV/src/lib/krb5/krb5_keytab.3 b/kerberosV/src/lib/krb5/krb5_keytab.3
new file mode 100644
index 00000000000..e9ab0c2f68c
--- /dev/null
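Review bot: The error path in `any_start_seq_get` frees the same allocation twice: `ed` is only `c->data` cast to the cursor type, so `free (ed); free (c->data);` is a double free whenever the first underlying keytab fails to start iteration. That branch also replaces the real error with `ENOMEM` and an out-of-memory message; it should read `free (c->data); c->data = NULL; return ret;`. In `any_resolve`, the `strdup` failure path jumps to `fail` before `a->next` has been assigned, so `free_list` follows an uninitialised pointer; setting `a->next = NULL;` directly after the `malloc` check avoids that. `free_list` releases only the list nodes, so the keytabs opened by `krb5_kt_resolve` appear to stay open after `any_close` and after a failed resolve; a `krb5_kt_close` per node would fix that, which means passing the context into `free_list`.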
+++ b/kerberosV/src/lib/krb5/krb5_keytab.3 
@@ -0,0 +1,358 @@ +.\" Copyright (c) 2001 Kungliga Tekniska Högskolan +.\" $KTH: krb5_keytab.3,v 1.1 2001/02/05 18:17:46 assar Exp $ +.Dd Feb 5, 2001 +.Dt KRB5_KEYTAB 3 +.Os HEIMDAL +.Sh NAME +.Nm krb5_kt_ops, +.Nm krb5_keytab_entry , +.Nm krb5_kt_cursor , +.Nm krb5_kt_add_entry , +.Nm krb5_kt_close , +.Nm krb5_kt_compare , +.Nm krb5_kt_copy_entry_contents , +.Nm krb5_kt_default , +.Nm krb5_kt_default_name , +.Nm krb5_kt_end_seq_get , +.Nm krb5_kt_free_entry , +.Nm krb5_kt_get_entry , +.Nm krb5_kt_get_name , +.Nm krb5_kt_next_entry , +.Nm krb5_kt_read_service_key , +.Nm krb5_kt_register , +.Nm krb5_kt_remove_entry , +.Nm krb5_kt_resolve , +.Nm krb5_kt_start_seq_get +.Nd manage keytab (key storage) files +.Sh SYNOPSIS +.Fd #include <krb5.h> +.Pp +.Ft krb5_error_code +.Fo krb5_kt_add_entry +.Fa "krb5_context context" +.Fa "krb5_keytab id" +.Fa "krb5_keytab_entry *entry" +.Fc +.Ft krb5_error_code +.Fo krb5_kt_close +.Fa "krb5_context context" +.Fa "krb5_keytab id" +.Fc +.Ft krb5_boolean +.Fo krb5_kt_compare +.Fa "krb5_context context" +.Fa "krb5_keytab_entry *entry" +.Fa "krb5_const_principal principal" +.Fa "krb5_kvno vno" +.Fa "krb5_enctype enctype" +.Fc +.Ft krb5_error_code +.Fo krb5_kt_copy_entry_contents +.Fa "krb5_context context" +.Fa "const krb5_keytab_entry *in" +.Fa "krb5_keytab_entry *out" +.Fc +.Ft krb5_error_code +.Fo krb5_kt_default +.Fa "krb5_context context" +.Fa "krb5_keytab *id" +.Fc +.Ft krb5_error_code +.Fo krb5_kt_default_name +.Fa "krb5_context context" +.Fa "char *name" +.Fa "size_t namesize" +.Fc +.Ft krb5_error_code +.Fo krb5_kt_end_seq_get +.Fa "krb5_context context" +.Fa "krb5_keytab id" +.Fa "krb5_kt_cursor *cursor" +.Fc +.Ft krb5_error_code +.Fo krb5_kt_free_entry +.Fa "krb5_context context" +.Fa "krb5_keytab_entry *entry" +.Fc +.Ft krb5_error_code +.Fo krb5_kt_get_entry +.Fa "krb5_context context" +.Fa "krb5_keytab id" +.Fa "krb5_const_principal principal" +.Fa "krb5_kvno kvno" +.Fa "krb5_enctype enctype" +.Fa "krb5_keytab_entry *entry" 
+.Fc +.Ft krb5_error_code +.Fo krb5_kt_get_name +.Fa "krb5_context context" +.Fa "krb5_keytab keytab" +.Fa "char *name" +.Fa "size_t namesize" +.Fc +.Ft krb5_error_code +.Fo krb5_kt_next_entry +.Fa "krb5_context context" +.Fa "krb5_keytab id" +.Fa "krb5_keytab_entry *entry" +.Fa "krb5_kt_cursor *cursor" +.Fc +.Ft krb5_error_code +.Fo krb5_kt_read_service_key +.Fa "krb5_context context" +.Fa "krb5_pointer keyprocarg" +.Fa "krb5_principal principal" +.Fa "krb5_kvno vno" +.Fa "krb5_enctype enctype" +.Fa "krb5_keyblock **key" +.Fc +.Ft krb5_error_code +.Fo krb5_kt_register +.Fa "krb5_context context" +.Fa "const krb5_kt_ops *ops" +.Fc +.Ft krb5_error_code +.Fo krb5_kt_remove_entry +.Fa "krb5_context context" +.Fa "krb5_keytab id" +.Fa "krb5_keytab_entry *entry" +.Fc +.Ft krb5_error_code +.Fo krb5_kt_resolve +.Fa "krb5_context context" +.Fa "const char *name" +.Fa "krb5_keytab *id" +.Fc +.Ft krb5_error_code +.Fo krb5_kt_start_seq_get +.Fa "krb5_context context" +.Fa "krb5_keytab id" +.Fa "krb5_kt_cursor *cursor" +.Fc +.Sh DESCRIPTION +A keytab name is on the form +.Li type:residual . +The +.Li residual +part is specific to each keytab-type. +.Pp +When a keytab-name is resolved, the type is matched with an interal +list of keytab types. If there is no matching keytab type, +the default keytab is used. The current default type is +.Nm file . +The default value can be changed in the configuration file +.Pa /etc/krb5.conf +by setting the variable +.Li [defaults]default_keytab_name . +.Pp +The keytab types that are implemented in Heimdal +are: +.Bl -tag -width Ds +.It Nm file +store the keytab in a file, the type's name is +.Li KEYFILE . +The residual part is a filename. +.It Nm keyfile +store the keytab in a +.Li AFS +keyfile (usually +.Pa /usr/afs/etc/KeyFile ) , +the type's name is +.Li AFSKEYFILE . +The residual part is a filename. +.It Nm krb4 +the keytab is a Kerberos 4 +.Pa srvtab +that is on-the-fly converted to a keytab. The type's name is +.Li krb4 . 
+The residual part is a filename. +.It Nm memory +The keytab is stored in a memory segment. This allows sensitive and/or +temporary data not to be stored on disk. The type's name is +.Li MEMORY . +There are no residual part, the only pointer back to the keytab is the +.Fa id +returned by +.Fn krb5_kt_resolve . +.El +.Pp +.Nm krb5_keytab_entry +holds all data for an entry in a keytab file, like principal name, +key-type, key, key-version number, etc. +.Nm krb5_kt_cursor +holds the current position that is used when iterating through a +keytab entry with +.Fn krb5_kt_start_seq_get , +.Fn krb5_kt_next_entry , +and +.Fn krb5_kt_end_seq_get . +.Pp +.Nm krb5_kt_ops +contains the different operations that can be done to a keytab. This +structure is normally only used when doing a new keytab-type +implementation. +.Pp +.Fn krb5_kt_resolve +is the equvalent of an +.Xr open 2 +on keytab. Resolve the keytab name in +.Fa name +into a keytab in +.Fa id . +Returns 0 or an error. The opposite of +.Fn krb5_kt_resolve +is +.Fn krb5_kt_close . +.Fn krb5_kt_close +frees all resources allocated to the keytab. +.Pp +.Fn krb5_kt_default +sets the argument +.Fa id +to the default keytab. +Returns 0 or an error. +.Pp +.Fn krb5_kt_default_name +copy the name of the default keytab into +.Fa name . +Return 0 or KRB5_CONFIG_NOTENUFSPACE if +.Fa namesize +is too short. +.Pp +.Fn krb5_kt_add_entry +Add a new +.Fa entry +to the keytab +.Fa id . +.Li KRB5_KT_NOWRITE +is returned if the keytab is a readonly keytab. +.Pp +.Fn krb5_kt_compare +compares the passed in +.Fa entry +against +.Fa principal , +.Fa vno , +and +.Fa enctype . +Any of +.Fa principal , +.Fa vno +or +.Fa enctype +might be 0 which acts as a wildcard. Return TRUE if they compare the +same, FALSE otherwise. +.Pp +.Fn krb5_kt_copy_entry_contents +copies the contents of +.Fa in +into +.Fa out . +Returns 0 or an error. +.Pp +.Fn krb5_kt_get_name +retrieves the name of the keytab +.Fa keytab +into +.Fa name , +.Fa namesize . 
+Returns 0 or an error. +.Pp +.Fn krb5_kt_free_entry +frees the contents of +.Fa entry . +.Pp +.Fn krb5_kt_start_seq_get +sets +.Fa cursor +to point at the beginning of +.Fa id. +Returns 0 or an error. +.Pp +.Fn krb5_kt_next_entry +gets the next entry from +.Fa id +pointed to by +.Fa cursor +and advance the +.Fa cursor . +Returns 0 or an error. +.Pp +.Fn krb5_kt_end_seq_get +releases all resources associated with +.Fa cursor . +.Pp +.Fn krb5_kt_get_entry +retrieves the keytab entry for +.Fa principal, +.Fa kvno, +.Fa enctype +into +.Fa entry +from the keytab +.Fa id . +Returns 0 or an error. +.Pp +.Fn krb5_kt_read_service_key +reads the key identified by +.Ns ( Fa principal , +.Fa vno , +.Fa enctype ) +from the keytab in +.Fa keyprocarg +(the default if == NULL) into +.Fa *key . +Returns 0 or an error. +.Pp +.Fn krb5_kt_remove_entry +removes the entry +.Fa entry +from the keytab +.Fa id . +Returns 0 or an error. +.Pp +.Fn krb5_kt_register +registers a new keytab type +.Fa ops . +Returns 0 or an error. +.Sh EXAMPLE +This is a minimalistic version of +.Nm ktutil . 
+.Pp +.Bd -literal +int +main (int argc, char **argv) +{ + krb5_context context; + krb5_keytab keytab; + krb5_kt_cursor cursor; + krb5_keytab_entry entry; + krb5_error_code ret; + char *principal; + + if (krb5_init_context (&context) != 0) + errx(1, "krb5_context"); + + ret = krb5_kt_default (context, &keytab); + if (ret) + krb5_err(context, 1, ret, "krb5_kt_default"); + + ret = krb5_kt_start_seq_get(context, keytab, &cursor); + if (ret) + krb5_err(context, 1, ret, "krb5_kt_start_seq_get"); + while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0){ + krb5_unparse_name_short(context, entry.principal, &principal); + printf("principal: %s\\n", principal); + free(principal); + krb5_kt_free_entry(context, &entry); + } + ret = krb5_kt_end_seq_get(context, keytab, &cursor); + if (ret) + krb5_err(context, 1, ret, "krb5_kt_end_seq_get"); + krb5_free_context(context); + return 0; +} +.Ed +.Sh SEE ALSO +.Xr kerberos 8 , +.Xr krb5.conf 5 diff --git a/kerberosV/src/lib/krb5/store-test.c b/kerberosV/src/lib/krb5/store-test.c new file mode 100644 index 00000000000..97c71d70218 --- /dev/null +++ b/kerberosV/src/lib/krb5/store-test.c 
@@ -0,0 +1,115 @@ +/* + * Copyright (c) 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of KTH nor the names of its contributors may be + * used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/
+
+#include "krb5_locl.h"
+
+RCSID("$KTH: store-test.c,v 1.1 2001/05/11 16:06:25 joda Exp $");
+
+static void
+print_data(unsigned char *data, size_t len)
+{
+ int i;
+ for(i = 0; i < len; i++) {
+ if(i > 0 && (i % 16) == 0)
+ printf("\n ");
+ printf("%02x ", data[i]);
+ }
+ printf("\n");
+}
+
+static int
+compare(const char *name, krb5_storage *sp, void *expected, size_t len)
+{
+ int ret = 0;
+ krb5_data data;
+ krb5_storage_to_data(sp, &data);
+ krb5_storage_free(sp);
+ if(data.length != len || memcmp(data.data, expected, len) != 0) {
+ printf("%s mismatch\n", name);
+ printf(" Expected: ");
+ print_data(expected, len);
+ printf(" Actual: ");
+ print_data(data.data, data.length);
+ ret++;
+ }
+ krb5_data_free(&data);
+ return ret;
+}
+
+int
+main(int argc, char **argv)
+{
+ int nerr = 0;
+ krb5_storage *sp;
+ krb5_context context;
+ krb5_principal principal;
+
+
+ krb5_init_context(&context);
+
+ sp = krb5_storage_emem();
+ krb5_store_int32(sp, 0x01020304);
+ nerr += compare("Integer", sp, "\x1\x2\x3\x4", 4);
+
+ sp = krb5_storage_emem();
+ krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_LE);
+ krb5_store_int32(sp, 0x01020304);
+ nerr += compare("Integer (LE)", sp, "\x4\x3\x2\x1", 4);
+
+ sp = krb5_storage_emem();
+ krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE);
+ krb5_store_int32(sp, 0x01020304);
+ nerr += compare("Integer (BE)", sp, "\x1\x2\x3\x4", 4);
+
+ sp = krb5_storage_emem();
+ krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_HOST);
+ krb5_store_int32(sp, 0x01020304);
+ {
+ int test = 1;
+ void *data;
+ if(*(char*)&test)
+ data = "\x4\x3\x2\x1";
+ else
+ data = "\x1\x2\x3\x4";
+ nerr += compare("Integer (host)", sp, data, 4);
+ }
+
+ sp = krb5_storage_emem();
+ krb5_make_principal(context, &principal, "TEST", "foobar", NULL);
+ krb5_store_principal(sp, principal);
+ nerr += compare("Principal", sp, "\x0\x0\x0\x1"
+ "\x0\x0\x0\x1"
+ "\x0\x0\x0\x4TEST"
+ "\x0\x0\x0\x6""foobar", 26);
+
+ return nerr ? 1 : 0;
+}
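Review bot: The return values of `krb5_init_context` and `krb5_make_principal` in `main`, and of `krb5_storage_to_data` in `compare`, are ignored, so a failure leaves `context`, `principal` or `data` uninitialised and the test then reads or frees indeterminate memory instead of reporting the error. In `main` I would write `if (krb5_init_context(&context) != 0) errx(1, "krb5_init_context");` and check `krb5_make_principal` the same way with `krb5_err(context, 1, ret, "krb5_make_principal");`; in `compare`, count a failed `krb5_storage_to_data` as a mismatch and return before touching `data`. `print_data` also compares `int i` against `size_t len`, which `size_t i;` would avoid.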
diff --git a/kerberosV/src/lib/lib.new.fixit b/kerberosV/src/lib/lib.new.fixit
new file mode 100644
index 00000000000..e69de29bb2d
--- /dev/null
+++ b/kerberosV/src/lib/lib.new.fixit
diff --git a/kerberosV/src/lib/otp/otp.new.fixit b/kerberosV/src/lib/otp/otp.new.fixit
new file mode 100644
index 00000000000..e69de29bb2d
--- /dev/null
+++ b/kerberosV/src/lib/otp/otp.new.fixit
diff --git a/kerberosV/src/lib/roken/bswap.c b/kerberosV/src/lib/roken/bswap.c
new file mode 100644
index 00000000000..e32b4c2b819
--- /dev/null
+++ b/kerberosV/src/lib/roken/bswap.c
@@ -0,0 +1,61 @@ +/* + * Copyright (c) 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include "roken.h"
+
+RCSID("$KTH: bswap.c,v 1.3 2001/05/18 15:32:11 joda Exp $");
+
+#ifndef HAVE_BSWAP32
+
+unsigned int
+bswap32 (unsigned int val)
+{
+ return (val & 0xff) << 24 |
+ (val & 0xff00) << 8 |
+ (val & 0xff0000) >> 8 |
+ (val & 0xff000000) >> 24;
+}
+#endif
+
+#ifndef HAVE_BSWAP16
+
+unsigned short
+bswap16 (unsigned short val)
+{
+ return (val & 0xff) << 8 |
+ (val & 0xff00) >> 8;
+}
+#endif
diff --git a/kerberosV/src/lib/roken/roken.new.fixit b/kerberosV/src/lib/roken/roken.new.fixit
new file mode 100644
index 00000000000..e69de29bb2d
--- /dev/null
+++ b/kerberosV/src/lib/roken/roken.new.fixit
diff --git a/kerberosV/src/lib/sl/sl.new.fixit b/kerberosV/src/lib/sl/sl.new.fixit
new file mode 100644
index 00000000000..e69de29bb2d
--- /dev/null
+++ b/kerberosV/src/lib/sl/sl.new.fixit
diff --git a/kerberosV/src/lib/vers/vers.new.fixit b/kerberosV/src/lib/vers/vers.new.fixit
new file mode 100644
index 00000000000..e69de29bb2d
--- /dev/null
+++ b/kerberosV/src/lib/vers/vers.new.fixit
diff --git a/kerberosV/src/tools/krb5-config.cat1 b/kerberosV/src/tools/krb5-config.cat1
new file mode 100644
index 00000000000..298f57b6ccb
--- /dev/null
+++ b/kerberosV/src/tools/krb5-config.cat1
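Review bot: `bswap32` and `bswap16` carry no comment stating their contract, and both return expressions rely on `<<`/`>>` binding tighter than `|` with no parentheses around the shifted terms. I would add a one-line comment above each, e.g. `/* reverse the byte order of the low 32 bits of val */`, and parenthesise each term, `((val & 0xff) << 24) | ((val & 0xff00) << 8) | ...`, so the grouping is visible to the reader. The masks also assume `unsigned int` is at least 32 bits wide; the comment should state that assumption, since the hunk does not show a fixed-width type being available through `roken.h`.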
@@ -0,0 +1,52 @@ + +KRB5-CONFIG(1) UNIX Reference Manual KRB5-CONFIG(1) + +NNAAMMEE + kkrrbb55--ccoonnffiigg - give information on how to link code against Heimdal li- + braries + +SSYYNNOOPPSSIISS + kkrrbb55--ccoonnffiigg [----pprreeffiixx[=_d_i_r]] [----eexxeecc--pprreeffiixx[=_d_i_r]] [----lliibbss] [----ccffllaaggss] + [_l_i_b_r_a_r_i_e_s] + +DDEESSCCRRIIPPTTIIOONN + kkrrbb55--ccoonnffiigg tells the application programmer what special flags to use to + compile and link programs against the libraries installed by Heimdal. + + Options supported: + + ----pprreeffiixx[=_d_i_r] + Print the prefix if no _d_i_r is specified, otherwise set prefix to + _d_i_r. + + ----eexxeecc--pprreeffiixx[=_d_i_r] + Print the exec-prefix if no _d_i_r is specified, otherwise set exec- + prefix to _d_i_r. + + ----lliibbss Output the set of libraries that should be linked against. + + ----ccffllaaggss + Output the set of flags to give to the C compiler when using the + Heimdal libraries. + + By default kkrrbb55--ccoonnffiigg will output the set of flags and libraries to be + used by a normal program using the krb5 API. The user can also supply a + library to be used, the supported ones are: + + krb5 (the default) + + gssapi use the krb5 gssapi mechanism + + kadm-client + use the client-side kadmin libraries + + kadm-server + use the server-side kadmin libraries + +SSEEEE AALLSSOO + cc(1) + +HHIISSTTOORRYY + kkrrbb55--ccoonnffiigg appeared in Heimdal 0.3d. + + HEIMDAL November 30, 2000 1 diff --git a/kerberosV/src/tools/tools.new.fixit b/kerberosV/src/tools/tools.new.fixit new file mode 100644 index 00000000000..e69de29bb2d --- /dev/null +++ b/kerberosV/src/tools/tools.new.fixit |