authorArtur Grabowski <art@cvs.openbsd.org>1997-11-28 12:49:35 +0000
committerArtur Grabowski <art@cvs.openbsd.org>1997-11-28 12:49:35 +0000
commitc7b7a71f79cef9dbb230f353d9bbf3d6ef3a5aed (patch)
tree5817f345511882de1c9e1a57f3095352ce671421 /kerberosIV/kafs
parent0857c8c45edb4fe59f82903f40d99a3aa19a04f7 (diff)
The first big step towards a complete upgrade to kth-krb4-0.9.7
Diffstat (limited to 'kerberosIV/kafs')
-rw-r--r--kerberosIV/kafs/Makefile5
-rw-r--r--kerberosIV/kafs/afskrb.c112
-rw-r--r--kerberosIV/kafs/afssys.c410
-rw-r--r--kerberosIV/kafs/afssysdefs.h66
-rw-r--r--kerberosIV/kafs/common.c340
-rw-r--r--kerberosIV/kafs/shlib_version2
6 files changed, 680 insertions, 255 deletions
diff --git a/kerberosIV/kafs/Makefile b/kerberosIV/kafs/Makefile
index bfe28c1326e..10122fcfe1c 100644
--- a/kerberosIV/kafs/Makefile
+++ b/kerberosIV/kafs/Makefile
@@ -1,6 +1,7 @@
-# $Id: Makefile,v 1.1 1995/12/14 06:52:46 tholo Exp $
+# $Id: Makefile,v 1.2 1997/11/28 12:48:42 art Exp $
LIB= kafs
-SRCS= afssys.c
+CFLAGS+=-I${.CURDIR} -DNO_AFS
+SRCS= afskrb.c afssys.c common.c
.include <bsd.lib.mk>
diff --git a/kerberosIV/kafs/afskrb.c b/kerberosIV/kafs/afskrb.c
new file mode 100644
index 00000000000..d6809e541ed
--- /dev/null
+++ b/kerberosIV/kafs/afskrb.c
@@ -0,0 +1,112 @@
+/* $KTH: afskrb.c,v 1.8 1997/10/14 23:00:39 joda Exp $ */
+
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kafs_locl.h"
+
+struct krb_kafs_data {
+ const char *realm;
+};
+
+static int
+get_cred(kafs_data *data, const char *name, const char *inst,
+ const char *realm, CREDENTIALS *c)
+{
+ KTEXT_ST tkt;
+ int ret = krb_get_cred((char*)name, (char*)inst, (char*)realm, c);
+
+ if (ret) {
+ ret = krb_mk_req(&tkt, (char*)name, (char*)inst, (char*)realm, 0);
+ if (ret == KSUCCESS)
+ ret = krb_get_cred((char*)name, (char*)inst, (char*)realm, c);
+ }
+ return ret;
+}
+
+static int
+afslog_uid_int(kafs_data *data, const char *cell, uid_t uid)
+{
+ int ret;
+ CREDENTIALS c;
+ struct krb_kafs_data *d = data->data;
+ char realm[REALM_SZ], *lrealm;
+
+ if (cell == 0 || cell[0] == 0)
+ return _kafs_afslog_all_local_cells (data, uid);
+
+ ret = krb_get_lrealm(realm , 0);
+ if(ret == KSUCCESS && (d->realm == NULL || strcmp(d->realm, realm)))
+ lrealm = realm;
+ else
+ lrealm = NULL;
+
+ ret = _kafs_get_cred(data, cell, d->realm, lrealm, &c);
+
+ if(ret == 0)
+ ret = kafs_settoken(cell, uid, &c);
+ return ret;
+}
+
+static char *
+get_realm(kafs_data *data, const char *host)
+{
+ char *r = krb_realmofhost(host);
+ if(r)
+ return strdup(r);
+ return NULL;
+}
+
+int
+krb_afslog_uid(const char *cell, const char *realm, uid_t uid)
+{
+ kafs_data kd;
+ struct krb_kafs_data d;
+ kd.afslog_uid = afslog_uid_int;
+ kd.get_cred = get_cred;
+ kd.get_realm = get_realm;
+ kd.data = &d;
+ d.realm = realm;
+ return afslog_uid_int(&kd, cell, uid);
+}
+
+int
+krb_afslog(const char *cell, const char *realm)
+{
+ return krb_afslog_uid (cell, realm, getuid());
+}
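Review bot: In afslog_uid_int the local `CREDENTIALS c` is filled by `_kafs_get_cred` and handed to `kafs_settoken`, then left on the stack with the session key and ticket still in it when the function returns. I would clear it on every exit path after it has been used, e.g. `memset(&c, 0, sizeof(c));` just before `return ret;`, using a wipe the compiler cannot elide where the platform offers one. The same applies to `KTEXT_ST tkt` in get_cred, which is written by `krb_mk_req` and never read afterwards. Separately, get_cred casts `const` away from name, inst and realm; a short comment stating that the krb calls do not write through those pointers would justify the casts, which is an assumption I cannot confirm from this hunk.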
diff --git a/kerberosIV/kafs/afssys.c b/kerberosIV/kafs/afssys.c
index 2c831e41abf..eb849791abc 100644
--- a/kerberosIV/kafs/afssys.c
+++ b/kerberosIV/kafs/afssys.c
@@ -1,302 +1,220 @@
-/* $Id: afssys.c,v 1.2 1996/09/16 03:18:08 tholo Exp $ */
-
-#include <sys/types.h>
-#include <sys/ioctl.h>
-#include <signal.h>
-#include <setjmp.h>
-#include <errno.h>
-#include <string.h>
-#include <unistd.h>
-
-#include <kerberosIV/krb.h>
-#include <kerberosIV/kafs.h>
-
-#include "afssysdefs.h"
-
-#define AUTH_SUPERUSER "afs"
+/* $KTH: afssys.c,v 1.53 1997/05/04 02:30:41 assar Exp $ */
/*
- * Here only ASCII characters are relevant.
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
*/
-#define IsAsciiUpper(c) ('A' <= (c) && (c) <= 'Z')
-
-#define ToAsciiLower(c) ((c) - 'A' + 'a')
-
-static void
-folddown(a, b)
- char *a, *b;
-{
- for (; *b; a++, b++)
- if (IsAsciiUpper(*b))
- *a = ToAsciiLower(*b);
- else
- *a = *b;
- *a = '\0';
-}
-
-#if !defined(linux) /* won't work there -- no SIGSYS, no syscall */
-
-int
-k_afsklog(realm)
- char *realm;
-{
- int k_errno;
- CREDENTIALS c;
- KTEXT_ST ticket;
- char username[256];
- char krealm[REALM_SZ];
-
- if (!k_hasafs())
- return KSUCCESS;
-
- if (realm == 0 || realm[0] == 0)
- {
- k_errno = krb_get_lrealm(krealm, 0);
- if (k_errno != KSUCCESS)
- return k_errno;
- realm = krealm;
- }
-
- k_errno = krb_get_cred(AUTH_SUPERUSER, "", realm, &c);
- if (k_errno != KSUCCESS)
- {
- k_errno = krb_mk_req(&ticket, AUTH_SUPERUSER, "", realm, 0);
- if (k_errno == KSUCCESS)
- k_errno = krb_get_cred(AUTH_SUPERUSER, "", realm, &c);
- }
-
- if (k_errno == KSUCCESS)
- {
- char cell[256];
- struct ViceIoctl parms;
- struct ClearToken ct;
- int32_t sizeof_x;
- char buf[2048], *t;
-
- folddown(cell, realm);
-
- /*
- * Build a struct ClearToken
- */
- ct.AuthHandle = c.kvno;
- bcopy((char *)c.session, ct.HandShakeKey, sizeof(c.session));
- ct.ViceId = getuid(); /* is this always valid? */
- ct.BeginTimestamp = 1 + c.issue_date;
- ct.EndTimestamp = krb_life_to_time(c.issue_date, c.lifetime);
-
- t = buf;
- /*
- * length of secret token followed by secret token
- */
- sizeof_x = c.ticket_st.length;
- bcopy((char *)&sizeof_x, t, sizeof(sizeof_x));
- t += sizeof(sizeof_x);
- bcopy((char *)c.ticket_st.dat, t, sizeof_x);
- t += sizeof_x;
- /*
- * length of clear token followed by clear token
- */
- sizeof_x = sizeof(ct);
- bcopy((char *)&sizeof_x, t, sizeof(sizeof_x));
- t += sizeof(sizeof_x);
- bcopy((char *)&ct, t, sizeof_x);
- t += sizeof_x;
-
- /*
- * do *not* mark as primary cell
- */
- sizeof_x = 0;
- bcopy((char *)&sizeof_x, t, sizeof(sizeof_x));
- t += sizeof(sizeof_x);
- /*
- * follow with cell name
- */
- sizeof_x = strlen(cell) + 1;
- bcopy(cell, t, sizeof_x);
- t += sizeof_x;
-
- /*
- * Build argument block
- */
- parms.in = buf;
- parms.in_size = t - buf;
- parms.out = 0;
- parms.out_size = 0;
- (void) k_pioctl(0, VIOCSETTOK, &parms, 0);
- }
- return k_errno;
-}
+#include "kafs_locl.h"
#define NO_ENTRY_POINT 0
#define SINGLE_ENTRY_POINT 1
#define MULTIPLE_ENTRY_POINT 2
#define SINGLE_ENTRY_POINT2 3
-#define AIX_ENTRY_POINTS 4
-#define UNKNOWN_ENTRY_POINT 5
+#define SINGLE_ENTRY_POINT3 4
+#define AIX_ENTRY_POINTS 5
+#define UNKNOWN_ENTRY_POINT 6
static int afs_entry_point = UNKNOWN_ENTRY_POINT;
+static int afs_syscalls[2];
+
int
-k_pioctl(a_path, o_opcode, a_paramsP, a_followSymlinks)
- char *a_path;
- int o_opcode;
- struct ViceIoctl *a_paramsP;
- int a_followSymlinks;
+k_pioctl(char *a_path,
+ int o_opcode,
+ struct ViceIoctl *a_paramsP,
+ int a_followSymlinks)
{
-#ifdef AFS_SYSCALL
- if (afs_entry_point == SINGLE_ENTRY_POINT)
- return syscall(AFS_SYSCALL, AFSCALL_PIOCTL,
- a_path, o_opcode, a_paramsP, a_followSymlinks);
+#ifndef NO_AFS
+ switch(afs_entry_point){
+#if defined(AFS_SYSCALL) || defined(AFS_SYSCALL2) || defined(AFS_SYSCALL3)
+ case SINGLE_ENTRY_POINT:
+ case SINGLE_ENTRY_POINT2:
+ case SINGLE_ENTRY_POINT3:
+ return syscall(afs_syscalls[0], AFSCALL_PIOCTL,
+ a_path, o_opcode, a_paramsP, a_followSymlinks);
#endif
-
-#ifdef AFS_PIOCTL
- if (afs_entry_point == MULTIPLE_ENTRY_POINT)
- return syscall(AFS_PIOCTL,
- a_path, o_opcode, a_paramsP, a_followSymlinks);
+#if defined(AFS_PIOCTL)
+ case MULTIPLE_ENTRY_POINT:
+ return syscall(afs_syscalls[0],
+ a_path, o_opcode, a_paramsP, a_followSymlinks);
#endif
-
-#ifdef AFS_SYSCALL2
- if (afs_entry_point == SINGLE_ENTRY_POINT2)
- return syscall(AFS_SYSCALL2, AFSCALL_PIOCTL,
- a_path, o_opcode, a_paramsP, a_followSymlinks);
-#endif
-
-#ifdef _AIX
- if (afs_entry_point == AIX_ENTRY_POINTS)
- return lpioctl(a_path, o_opcode, a_paramsP, a_followSymlinks);
-#endif
-
- errno = ENOSYS;
- kill(getpid(), SIGSYS); /* You loose! */
- return -1;
+ }
+
+ errno = ENOSYS;
+ kill(getpid(), SIGSYS); /* You loose! */
+#endif /* NO_AFS */
+ return -1;
}
int
-k_unlog()
+k_afs_cell_of_file(const char *path, char *cell, int len)
{
- struct ViceIoctl parms;
- bzero((char *)&parms, sizeof(parms));
- return k_pioctl(0, VIOCUNLOG, &parms, 0);
+ struct ViceIoctl parms;
+ parms.in = NULL;
+ parms.in_size = 0;
+ parms.out = cell;
+ parms.out_size = len;
+ return k_pioctl((char*)path, VIOC_FILE_CELL_NAME, &parms, 1);
}
int
-k_setpag()
+k_unlog(void)
{
-#ifdef AFS_SYSCALL
- if (afs_entry_point == SINGLE_ENTRY_POINT)
- return syscall(AFS_SYSCALL, AFSCALL_SETPAG);
-#endif
-
-#ifdef AFS_SETPAG
- if (afs_entry_point == MULTIPLE_ENTRY_POINT)
- return syscall(AFS_SETPAG);
-#endif
+ struct ViceIoctl parms;
+ memset(&parms, 0, sizeof(parms));
+ return k_pioctl(0, VIOCUNLOG, &parms, 0);
+}
-#ifdef AFS_SYSCALL2
- if (afs_entry_point == SINGLE_ENTRY_POINT2)
- return syscall(AFS_SYSCALL2, AFSCALL_SETPAG);
+int
+k_setpag(void)
+{
+#ifndef NO_AFS
+ switch(afs_entry_point){
+#if defined(AFS_SYSCALL) || defined(AFS_SYSCALL2) || defined(AFS_SYSCALL3)
+ case SINGLE_ENTRY_POINT:
+ case SINGLE_ENTRY_POINT2:
+ case SINGLE_ENTRY_POINT3:
+ return syscall(afs_syscalls[0], AFSCALL_SETPAG);
#endif
-
-#ifdef _AIX
- if (afs_entry_point == AIX_ENTRY_POINTS)
- return lsetpag();
+#if defined(AFS_PIOCTL)
+ case MULTIPLE_ENTRY_POINT:
+ return syscall(afs_syscalls[1]);
#endif
-
- errno = ENOSYS;
- kill(getpid(), SIGSYS); /* You loose! */
- return -1;
+ }
+
+ errno = ENOSYS;
+ kill(getpid(), SIGSYS); /* You loose! */
+#endif /* NO_AFS */
+ return -1;
}
-#endif /* defined(linux) */
+
static jmp_buf catch_SIGSYS;
-static void
-SIGSYS_handler()
+void
+SIGSYS_handler(int sig)
{
- errno = 0;
- longjmp(catch_SIGSYS, 1);
+ errno = 0;
+ longjmp(catch_SIGSYS, 1);
}
int
-k_hasafs()
+k_hasafs(void)
{
- int saved_errno;
- void (*saved_func)();
- struct ViceIoctl parms;
+ int saved_errno;
+ void (*saved_func)();
+ struct ViceIoctl parms;
-#if defined(linux)
- return 0;
-#else
- /*
- * Already checked presence of AFS syscalls?
- */
- if (afs_entry_point != UNKNOWN_ENTRY_POINT)
- return afs_entry_point != NO_ENTRY_POINT;
-
- /*
- * Probe kernel for AFS specific syscalls,
- * they (currently) come in two flavors.
- * If the syscall is absent we recive a SIGSYS.
- */
- afs_entry_point = NO_ENTRY_POINT;
- bzero(&parms, sizeof(parms));
+ /*
+ * Already checked presence of AFS syscalls?
+ */
+ if (afs_entry_point != UNKNOWN_ENTRY_POINT)
+ return afs_entry_point != NO_ENTRY_POINT;
+
+ /*
+ * Probe kernel for AFS specific syscalls,
+ * they (currently) come in two flavors.
+ * If the syscall is absent we recive a SIGSYS.
+ */
+ afs_entry_point = NO_ENTRY_POINT;
+ memset(&parms, 0, sizeof(parms));
- saved_errno = errno;
- saved_func = signal(SIGSYS, SIGSYS_handler);
+ saved_errno = errno;
+#ifndef NO_AFS
+ saved_func = signal(SIGSYS, SIGSYS_handler);
#ifdef AFS_SYSCALL
- if (setjmp(catch_SIGSYS) == 0)
- {
- syscall(AFS_SYSCALL, AFSCALL_PIOCTL,
- 0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
- if (errno == EINVAL)
+ if (setjmp(catch_SIGSYS) == 0)
{
- afs_entry_point = SINGLE_ENTRY_POINT;
- goto done;
+ syscall(AFS_SYSCALL, AFSCALL_PIOCTL,
+ 0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
+ if (errno == EINVAL)
+ {
+ afs_entry_point = SINGLE_ENTRY_POINT;
+ afs_syscalls[0] = AFS_SYSCALL;
+ goto done;
+ }
}
- }
#endif /* AFS_SYSCALL */
#ifdef AFS_PIOCTL
- if (setjmp(catch_SIGSYS) == 0)
- {
- syscall(AFS_PIOCTL,
- 0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
- if (errno == EINVAL)
+ if (setjmp(catch_SIGSYS) == 0)
{
- afs_entry_point = MULTIPLE_ENTRY_POINT;
- goto done;
+ syscall(AFS_PIOCTL,
+ 0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
+ if (errno == EINVAL)
+ {
+ afs_entry_point = MULTIPLE_ENTRY_POINT;
+ afs_syscalls[0] = AFS_PIOCTL;
+ afs_syscalls[1] = AFS_SETPAG;
+ goto done;
+ }
}
- }
#endif /* AFS_PIOCTL */
#ifdef AFS_SYSCALL2
- if (setjmp(catch_SIGSYS) == 0)
- {
- syscall(AFS_SYSCALL2, AFSCALL_PIOCTL,
- 0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
- if (errno == EINVAL)
+ if (setjmp(catch_SIGSYS) == 0)
{
- afs_entry_point = SINGLE_ENTRY_POINT2;
- goto done;
+ syscall(AFS_SYSCALL2, AFSCALL_PIOCTL,
+ 0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
+ if (errno == EINVAL)
+ {
+ afs_entry_point = SINGLE_ENTRY_POINT2;
+ afs_syscalls[0] = AFS_SYSCALL2;
+ goto done;
+ }
}
- }
#endif /* AFS_SYSCALL */
-#ifdef _AIX
- if (setjmp(catch_SIGSYS) == 0)
- {
- lpioctl(0, 0, 0, 0);
- if (errno == EINVAL)
+#ifdef AFS_SYSCALL3
+ if (setjmp(catch_SIGSYS) == 0)
{
- afs_entry_point = AIX_ENTRY_POINTS;
- goto done;
+ syscall(AFS_SYSCALL3, AFSCALL_PIOCTL,
+ 0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
+ if (errno == EINVAL)
+ {
+ afs_entry_point = SINGLE_ENTRY_POINT3;
+ afs_syscalls[0] = AFS_SYSCALL3;
+ goto done;
+ }
}
- }
-#endif
+#endif /* AFS_SYSCALL */
- done:
- (void) signal(SIGSYS, saved_func);
- errno = saved_errno;
- return afs_entry_point != NO_ENTRY_POINT;
-#endif /* linux */
+done:
+ signal(SIGSYS, saved_func);
+#endif /* NO_AFS */
+ errno = saved_errno;
+ return afs_entry_point != NO_ENTRY_POINT;
}
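Review bot: When `NO_AFS` is defined, which the Makefile change in this commit does with `-DNO_AFS`, k_pioctl and k_setpag return -1 without setting errno, because `errno = ENOSYS;` sits inside the `#ifndef NO_AFS` region next to the `kill(getpid(), SIGSYS)`. A caller that reports the failure through errno then sees whatever an earlier call left behind. Moving the assignment to just before the final `return -1;`, after `#endif /* NO_AFS */`, keeps the signal compiled out and still gives a defined error. SIGSYS_handler also lost its `static` in this hunk and is now an exported library symbol; unless something outside this file needs it, `static void SIGSYS_handler(int sig)` is the safer declaration. The `#endif /* AFS_SYSCALL */` comments that close the AFS_SYSCALL2 and AFS_SYSCALL3 probes in k_hasafs should name the macro they actually close.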
diff --git a/kerberosIV/kafs/afssysdefs.h b/kerberosIV/kafs/afssysdefs.h
index 2920141794e..7aa113d6f78 100644
--- a/kerberosIV/kafs/afssysdefs.h
+++ b/kerberosIV/kafs/afssysdefs.h
@@ -1,29 +1,71 @@
-/* $Id: afssysdefs.h,v 1.1 1995/12/14 06:52:46 tholo Exp $ */
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: afssysdefs.h,v 1.2 1997/11/28 12:48:43 art Exp $ */
/*
* This section is for machines using single entry point AFS syscalls!
- * or
+ * and/or
* This section is for machines using multiple entry point AFS syscalls!
+ *
+ * SunOS 4 is an example of single entry point and sgi of multiple
+ * entry point syscalls.
*/
-#if defined(sun) && !defined(__svr4__)
+#if SunOS == 4
#define AFS_SYSCALL 31
#endif
-#if defined(sun) && defined(__svr4__)
+#if SunOS == 5
#define AFS_SYSCALL 105
#endif
-#if defined(hpux)
+#if defined(__hpux)
#define AFS_SYSCALL 50
#define AFS_SYSCALL2 49
+#define AFS_SYSCALL3 48
#endif
#if defined(_AIX)
/* _AIX is too weird */
#endif
-#if defined(sgi)
+#if defined(__sgi)
#define AFS_PIOCTL (64+1000)
#define AFS_SETPAG (65+1000)
#endif
@@ -32,3 +74,15 @@
#define AFS_SYSCALL 232
#define AFS_SYSCALL2 258
#endif
+
+#if defined(__ultrix)
+#define AFS_SYSCALL 31
+#endif
+
+#if defined(__NetBSD__)
+#define AFS_SYSCALL 210
+#endif
+
+#ifdef SYS_afs_syscall
+#define AFS_SYSCALL3 SYS_afs_syscall
+#endif
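Review bot: The new `#ifdef SYS_afs_syscall` block defines `AFS_SYSCALL3` unconditionally, but the `__hpux` section in the first hunk of this file already defines `AFS_SYSCALL3` as 48, so a platform that provides both gets a macro redefinition, possibly with a different value. Writing the guard as `#if defined(SYS_afs_syscall) && !defined(AFS_SYSCALL3)` makes the precedence explicit. The block also only takes effect when the header that defines `SYS_afs_syscall` is included before this one; that include is not visible in this diff, so a comment such as `/* requires <sys/syscall.h> to be included first */` would record the dependency.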
diff --git a/kerberosIV/kafs/common.c b/kerberosIV/kafs/common.c
new file mode 100644
index 00000000000..c7f2061a4aa
--- /dev/null
+++ b/kerberosIV/kafs/common.c
@@ -0,0 +1,340 @@
+/* $KTH: common.c,v 1.3 1997/11/03 20:35:24 bg Exp $ */
+
+/*
+ * Copyright (c) 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kafs_locl.h"
+
+#define AUTH_SUPERUSER "afs"
+
+/*
+ * Here only ASCII characters are relevant.
+ */
+
+#define IsAsciiLower(c) ('a' <= (c) && (c) <= 'z')
+
+#define ToAsciiUpper(c) ((c) - 'a' + 'A')
+
+static void
+foldup(char *a, const char *b)
+{
+ for (; *b; a++, b++)
+ if (IsAsciiLower(*b))
+ *a = ToAsciiUpper(*b);
+ else
+ *a = *b;
+ *a = '\0';
+}
+
+int
+kafs_settoken(const char *cell, uid_t uid, CREDENTIALS *c)
+{
+ struct ViceIoctl parms;
+ struct ClearToken ct;
+ int32_t sizeof_x;
+ char buf[2048], *t;
+ int ret;
+
+ /*
+ * Build a struct ClearToken
+ */
+ ct.AuthHandle = c->kvno;
+ memcpy (ct.HandShakeKey, c->session, sizeof(c->session));
+ ct.ViceId = uid; /* is this always valid? */
+ ct.BeginTimestamp = 1 + c->issue_date;
+ ct.EndTimestamp = krb_life_to_time(c->issue_date, c->lifetime);
+
+#define ODD(x) ((x) & 1)
+ /* If we don't know the numerical ID lifetime should be even? */
+ if (uid == 0 && ODD(ct.EndTimestamp - ct.BeginTimestamp))
+ ct.BeginTimestamp--;
+
+ t = buf;
+ /*
+ * length of secret token followed by secret token
+ */
+ sizeof_x = c->ticket_st.length;
+ memcpy(t, &sizeof_x, sizeof(sizeof_x));
+ t += sizeof(sizeof_x);
+ memcpy(t, c->ticket_st.dat, sizeof_x);
+ t += sizeof_x;
+ /*
+ * length of clear token followed by clear token
+ */
+ sizeof_x = sizeof(ct);
+ memcpy(t, &sizeof_x, sizeof(sizeof_x));
+ t += sizeof(sizeof_x);
+ memcpy(t, &ct, sizeof_x);
+ t += sizeof_x;
+
+ /*
+ * do *not* mark as primary cell
+ */
+ sizeof_x = 0;
+ memcpy(t, &sizeof_x, sizeof(sizeof_x));
+ t += sizeof(sizeof_x);
+ /*
+ * follow with cell name
+ */
+ sizeof_x = strlen(cell) + 1;
+ memcpy(t, cell, sizeof_x);
+ t += sizeof_x;
+
+ /*
+ * Build argument block
+ */
+ parms.in = buf;
+ parms.in_size = t - buf;
+ parms.out = 0;
+ parms.out_size = 0;
+ ret = k_pioctl(0, VIOCSETTOK, &parms, 0);
+ return ret;
+}
+
+#if 0
+/* Try to get a db-server for an AFS cell from a AFSDB record */
+
+static int
+dns_find_cell(const char *cell, char *dbserver)
+{
+ struct dns_reply *r;
+ int ok = -1;
+ r = dns_lookup(cell, "afsdb");
+ if(r){
+ struct resource_record *rr = r->head;
+ while(rr){
+ if(rr->type == T_AFSDB && rr->u.afsdb->preference == 1){
+ strncpy(dbserver, rr->u.afsdb->domain, MAXHOSTNAMELEN);
+ dbserver[MaxHostNameLen - 1] = 0;
+ ok = 0;
+ break;
+ }
+ rr = rr->next;
+ }
+ dns_free_data(r);
+ }
+ return ok;
+}
+#endif
+
+
+/*
+ * Try to find the cells we should try to klog to in "file".
+ */
+static void
+find_cells(char *file, char ***cells, int *index)
+{
+ FILE *f;
+ char cell[64];
+ int i;
+ f = fopen(file, "r");
+ if (f == NULL)
+ return;
+ while (fgets(cell, sizeof(cell), f)) {
+ char *nl = strchr(cell, '\n');
+ if (nl) *nl = 0;
+ for(i = 0; i < *index; i++)
+ if(strcmp((*cells)[i], cell) == 0)
+ break;
+ if(i == *index){
+ *cells = realloc(*cells, (*index + 1) * sizeof(**cells));
+ (*cells)[(*index)++] = strdup(cell);
+ }
+ }
+ fclose(f);
+}
+
+/*
+ * Get tokens for all cells[]
+ */
+static int
+afslog_cells(kafs_data *data, char **cells, int max, uid_t uid)
+{
+ int ret = 0;
+ int i;
+ for(i = 0; i < max; i++)
+ ret = (*data->afslog_uid)(data, cells[i], uid);
+ return ret;
+}
+
+int
+_kafs_afslog_all_local_cells(kafs_data *data, uid_t uid)
+{
+ int ret;
+ char **cells = NULL;
+ int index = 0;
+
+ char *p;
+
+ if ((p = getenv("HOME"))) {
+ char home[MAXPATHLEN];
+ snprintf(home, sizeof(home), "%s/.TheseCells", p);
+ find_cells(home, &cells, &index);
+ }
+ find_cells(_PATH_THESECELLS, &cells, &index);
+ find_cells(_PATH_THISCELL, &cells, &index);
+
+ ret = afslog_cells(data, cells, index, uid);
+ while(index > 0)
+ free(cells[--index]);
+ free(cells);
+ return ret;
+}
+
+
+/* Find the realm associated with cell. Do this by opening
+ /usr/vice/etc/CellServDB and getting the realm-of-host for the
+ first VL-server for the cell.
+
+ This does not work when the VL-server is living in one realm, but
+ the cell it is serving is living in another realm.
+
+ Return 0 on success, -1 otherwise.
+ */
+
+static int
+realm_of_cell(kafs_data *data, const char *cell, char **realm)
+{
+ FILE *F;
+ char buf[1024];
+ char *p;
+ int ret = -1;
+
+ if ((F = fopen(_PATH_CELLSERVDB, "r")))
+ {
+ while (fgets(buf, sizeof(buf), F))
+ {
+ if (buf[0] != '>')
+ continue; /* Not a cell name line, try next line */
+ if (strncmp(buf + 1, cell, strlen(cell)) == 0)
+ {
+ /*
+ * We found the cell name we're looking for.
+ * Read next line on the form ip-address '#' hostname
+ */
+ if (fgets(buf, sizeof(buf), F) == NULL)
+ break; /* Read failed, give up */
+ p = strchr(buf, '#');
+ if (p == NULL)
+ break; /* No '#', give up */
+ p++;
+ if (buf[strlen(buf) - 1] == '\n')
+ buf[strlen(buf) - 1] = 0;
+ *realm = (*data->get_realm)(data, p);
+ if (*realm && **realm != 0)
+ ret = 0;
+ break; /* Won't try any more */
+ }
+ }
+ fclose(F);
+ }
+#if 0
+ if (realm == NULL) {
+ if (dns_find_cell(cell, buf) == 0)
+ realm = krb_realmofhost(buf);
+ }
+#endif
+ return ret;
+}
+
+int
+_kafs_get_cred(kafs_data *data,
+ const char *cell,
+ const char *krealm,
+ const char *lrealm,
+ CREDENTIALS *c)
+{
+ int ret = -1;
+ char *vl_realm;
+ char CELL[64];
+
+ /* We're about to find the the realm that holds the key for afs in
+ * the specified cell. The problem is that null-instance
+ * afs-principals are common and that hitting the wrong realm might
+ * yield the wrong afs key. The following assumptions were made.
+ *
+ * Any realm passed to us is preferred.
+ *
+ * If there is a realm with the same name as the cell, it is most
+ * likely the correct realm to talk to.
+ *
+ * In most (maybe even all) cases the database servers of the cell
+ * will live in the realm we are looking for.
+ *
+ * Try the local realm, but if the previous cases fail, this is
+ * really a long shot.
+ *
+ */
+
+ /* comments on the ordering of these tests */
+
+ /* If the user passes a realm, she probably knows something we don't
+ * know and we should try afs@krealm (otherwise we're talking with a
+ * blondino and she might as well have it.)
+ */
+
+ if (krealm) {
+ ret = (*data->get_cred)(data, AUTH_SUPERUSER, cell, krealm, c);
+ if (ret == 0) return 0;
+ ret = (*data->get_cred)(data, AUTH_SUPERUSER, "", krealm, c);
+ }
+ if (ret == 0) return 0;
+
+ foldup(CELL, cell);
+
+ ret = (*data->get_cred)(data, AUTH_SUPERUSER, cell, CELL, c);
+ if (ret == 0) return 0;
+
+ ret = (*data->get_cred)(data, AUTH_SUPERUSER, "", CELL, c);
+ if (ret == 0) return 0;
+
+ /* this might work in some cases */
+ if (realm_of_cell(data, cell, &vl_realm) == 0) {
+ ret = (*data->get_cred)(data, AUTH_SUPERUSER, cell, vl_realm, c);
+ if (ret)
+ ret = (*data->get_cred)(data, AUTH_SUPERUSER, "", vl_realm, c);
+ free(vl_realm);
+ if (ret == 0) return 0;
+ }
+
+ if (lrealm)
+ ret = (*data->get_cred)(data, AUTH_SUPERUSER, cell, lrealm, c);
+ return ret;
+}
+
+
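Review bot: `_kafs_get_cred` copies `cell` into `char CELL[64]` through `foldup()`, which has no length bound, and `kafs_settoken` appends `c->ticket_st.length` bytes, the clear token and `strlen(cell) + 1` bytes to `char buf[2048]` without checking that they fit. `cell` reaches both from the public `krb_afslog` entry points, so an over-long cell name writes past the end of a stack buffer. Both functions should reject oversized input before the first copy, as sketched below; the -1 return is my choice and should be whatever error code the callers expect. In the same file, `find_cells` assigns the result of `realloc()` straight back to `*cells` and checks neither it nor `strdup()`. `realm_of_cell` matches with `strncmp(buf + 1, cell, strlen(cell))`, which accepts any CellServDB entry that merely starts with the requested name and can therefore pick the realm of a different cell.

```c
int
kafs_settoken(const char *cell, uid_t uid, CREDENTIALS *c)
{
    /* ... unchanged: declarations ... */
    size_t tkt_len = (size_t)c->ticket_st.length;
    size_t cell_len = strlen(cell) + 1;

    /* Refuse anything that would not fit in buf before copying a byte. */
    if (tkt_len > sizeof(buf) || cell_len > sizeof(buf) ||
        3 * sizeof(sizeof_x) + sizeof(ct) + tkt_len + cell_len > sizeof(buf))
        return -1;
    /* ... unchanged: ClearToken setup, memcpy sequence, k_pioctl call ... */

/* in _kafs_get_cred(), before the fold to upper case */
    /* CELL is a fixed 64-byte buffer and foldup() does not bound its copy. */
    if (strlen(cell) >= sizeof(CELL))
        return -1;
    foldup(CELL, cell);
```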
diff --git a/kerberosIV/kafs/shlib_version b/kerberosIV/kafs/shlib_version
index d9961ea9fef..3066b9771e7 100644
--- a/kerberosIV/kafs/shlib_version
+++ b/kerberosIV/kafs/shlib_version
@@ -1,2 +1,2 @@
-major=4
+major=5
minor=0