Populate creds in get_new_tickets before actually using it.

Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>

.gitignore

@@ -1,26 +1,120 @@
-# git-ls-files --others --exclude-from=.git/info/exclude
-# Lines that start with '#' are comments.
-# For a project mostly in C, the following would be a good set of
-# exclude patterns (uncomment them if you want to use them):
-# *.[oa]
-# *~
+# After changing this file, please run:
+#
+#     git ls-files -i --exclude-standard
+#
+# to check that you haven't inadvertently ignored any tracked files.  This
+# command should return no output.  Any files listed by it are files
+# present in the repository but ignored by .gitignore.
+
+# General rules, with some exclusions for where they're too general.
 
 .DS_Store
+.deps/
+.dirstamp
+.libs/
+Makefile
 Makefile.in
+asn1_*.[cx]
+!/lib/asn1/asn1_gen.c
+!/lib/asn1/asn1_print.c
+!/lib/krb5/asn1_glue.c
+*_asn1.h
+!/lib/asn1/heim_asn1.h
+*_asn1.hx
+*_asn1-priv.h
+*_asn1-priv.hx
+*_asn1-template.c
+*_asn1_files
+*_err.[ch]
+!/lib/com_err/com_err.[ch]
+*-commands.[ch]
 *~
+*.a
+*.la
+*.lo
+*.o
+
+# Top-level files.
 
 /aclocal.m4
 /autom4te.cache
 /compile
 /config.guess
+/config.log
+/config.status
 /config.sub
 /configure
 /depcomp
 /install-sh
+/libtool
 /ltmain.sh
 /missing
+/setupbuild.cmd
 /ylwrap
-/appl/login/login_protos.h
+
+/lib/libedit/aclocal.m4
+/lib/libedit/autom4te.cache
+/lib/libedit/compile
+/lib/libedit/config.guess
+/lib/libedit/config.log
+/lib/libedit/config.status
+/lib/libedit/config.sub
+/lib/libedit/configure
+/lib/libedit/depcomp
+/lib/libedit/install-sh
+/lib/libedit/libtool
+/lib/libedit/ltmain.sh
+/lib/libedit/missing
+/lib/libedit/setupbuild.cmd
+/lib/libedit/ylwrap
+
+
+# Files in subdirectories.
+
+/admin/ktutil
+/appl/afsutil/afslog
+/appl/afsutil/pagsh
+/appl/ftp/ftp/ftp
+/appl/ftp/ftpd/ftpcmd.c
+/appl/ftp/ftpd/ftpd
+/appl/ftp/ftpd/gssapi.c
+/appl/ftp/ftpd/security.c
+/appl/ftp/ftpd/security.h
+/appl/gssmask/gssmaestro
+/appl/gssmask/gssmask
+/appl/kf/kf
+/appl/kf/kfd
+/appl/kx/kx
+/appl/kx/kxd
+/appl/kx/rxtelnet
+/appl/kx/rxterm
+/appl/kx/tenletxr
+/appl/login/login
+/appl/login/login-protos.h
+/appl/otp/otp
+/appl/otp/otpprint
+/appl/popper/pop_debug
+/appl/popper/popper
+/appl/push/pfrom
+/appl/push/push
+/appl/rcp/rcp
+/appl/rsh/limits_conf.c
+/appl/rsh/login_access.c
+/appl/rsh/rsh
+/appl/rsh/rshd
+/appl/su/su
+/appl/telnet/telnet/telnet
+/appl/telnet/telnetd/telnetd
+/appl/test/gssapi_client
+/appl/test/gssapi_server
+/appl/test/http_client
+/appl/test/nt_gss_client
+/appl/test/nt_gss_server
+/appl/test/tcp_client
+/appl/test/tcp_server
+/appl/test/uu_client
+/appl/test/uu_server
+/appl/xnlock/xnlock
 /cf/libtool.m4
 /cf/ltoptions.m4
 /cf/ltsugar.m4
@@ -36,32 +130,140 @@ Makefile.in
 /doc/krb5
 /doc/ntlm
 /doc/wind
+/doc/vars.texi
+/doc/doxyout
+/include/*.h
+!/include/crypto-headers.h
+!/include/heim_threads.h
+/include/bits
 /include/config.h.in
-/include/stamp-h.in
-/kcm/kcm_protos.h
+/include/gssapi/*.h
+/include/kadm5/*.h
+/include/stamp-h1
+/include/version.h.in
+/kadmin/add_random_users
+/kadmin/kadmin
+/kadmin/kadmind
+/kcm/kcm
+/kcm/kcm-protos.h
+/kdc/digest-service
+/kdc/hprop
+/kdc/hpropd
+/kdc/kdc
 /kdc/kdc-protos.h
 /kdc/kdc-private.h
+/kdc/kdc-replay
+/kdc/kstash
+/kdc/string2key
+/kpasswd/kpasswd
+/kpasswd/kpasswd-generator
+/kpasswd/kpasswdd
+/kuser/copy_cred_cache
+/kuser/generate-requests
+/kuser/kcc
+/kuser/kdecode_ticket
+/kuser/kdestroy
+/kuser/kdigest
+/kuser/kgetcred
+/kuser/kimpersonate
+/kuser/kinit
+/kuser/klist
+/kuser/kswitch
+/kuser/kverify
+/lib/asn1/asn1_compile
+/lib/asn1/asn1_gen
+/lib/asn1/asn1_print
+/lib/asn1/asn1parse.c
+/lib/asn1/asn1parse.h
 /lib/asn1/der-protos.h
 /lib/asn1/der-private.h
+/lib/asn1/lex.c
 /lib/auth/Makefile.in
+/lib/com_err/compile_et
+/lib/com_err/lex.c
 /lib/com_err/parse.c
 /lib/com_err/parse.h
+/lib/com_err/snprintf.c
+/lib/com_err/strlcpy.c
+/lib/editline/snprintf.c
+/lib/editline/strdup.c
+/lib/editline/strlcat.c
+/lib/editline/testit
+/lib/gssapi/gss
+/lib/gssapi/gsstool
 /lib/gssapi/krb5/gsskrb5-private.h
 /lib/gssapi/ntlm/ntlm-private.h
 /lib/gssapi/spnego/spnego-private.h
+/lib/gssapi/test_context
+/lib/gssapi/test_cred
+/lib/gssapi/test_kcred
+/lib/gssapi/test_ntlm
 /lib/hdb/hdb-protos.h
 /lib/hdb/hdb-private.h
-/lib/hx509/hx509-private.h
-/lib/hx509/hx509-protos.h
-/lib/hx509/data/*.pem
+/lib/hdb/test_dbinfo
+/lib/hdb/test_hdbkeys
+/lib/hdb/test_mkey
 /lib/hx509/data/*.srl
 /lib/hx509/data/*.req
 /lib/hx509/data/sub-ca-combined.crt
+/lib/hx509/hx509-private.h
+/lib/hx509/hx509-protos.h
+/lib/hx509/hxtool
+/lib/hx509/sel-gram.c
+/lib/hx509/sel-gram.h
+/lib/hx509/sel-lex.c
+/lib/ipc/tc
+/lib/ipc/ts
+/lib/ipc/ts-http
+/lib/kadm5/iprop-log
+/lib/kadm5/ipropd-master
+/lib/kadm5/ipropd-slave
+/lib/kadm5/test_pw_quality
 /lib/kadm5/kadm5-protos.h
 /lib/kadm5/kadm5-private.h
+/lib/kafs/resolve.c
+/lib/kafs/strlcpy.c
+/lib/kafs/strsep.c
+/lib/kafs/strtok_r.c
 /lib/krb5/krb5-protos.h
 /lib/krb5/krb5-private.h
+/lib/krb5/krbhst-test
+/lib/krb5/test_alname
+/lib/krb5/test_crypto
+/lib/krb5/test_forward
+/lib/krb5/test_get_addrs
+/lib/krb5/test_gic
+/lib/krb5/test_kuserok
+/lib/krb5/test_renew
+/lib/krb5/test_rfc3961
+/lib/krb5/verify_krb5_conf
 /lib/ntlm/heimntlm-protos.h
+/lib/otp/ndbm_wrap.c
+/lib/otp/ndbm_wrap.h
+/lib/otp/otptest
+/lib/otp/snprintf.c
+/lib/otp/strcasecmp.c
+/lib/otp/strlcat.c
+/lib/otp/strlcpy.c
+/lib/otp/strlwr.c
+/lib/otp/strncasecmp.c
+/lib/roken/glob.h
+/lib/roken/make-roken
+/lib/roken/make-roken.c
+/lib/roken/resolve-test
+/lib/roken/rkpty
+/lib/roken/roken.h
+/lib/roken/snprintf-test
+/lib/roken/vis.h
+/lib/sl/getprogname.c
+/lib/sl/slc
+/lib/sl/slc-gram.c
+/lib/sl/slc-gram.h
+/lib/sl/slc-lex.c
+/lib/sl/snprintf.c
+/lib/sl/strdup.c
+/lib/sl/strtok_r.c
+/lib/sl/strupr.c
 /lib/wind/*.pyc
 /lib/wind/bidi_table.c
 /lib/wind/bidi_table.h
@@ -69,10 +271,30 @@ Makefile.in
 /lib/wind/combining_table.h
 /lib/wind/errorlist_table.c
 /lib/wind/errorlist_table.h
+/lib/wind/idn-lookup
 /lib/wind/map_table.c
 /lib/wind/map_table.h
 /lib/wind/normalize_table.c
 /lib/wind/normalize_table.h
 /lib/wind/punycode_examples.c
 /lib/wind/punycode_examples.h
+/out
+/po/gen-po.sh
 /scripts
+/tests/bin/setup-env
+/tests/can/krb5.conf
+/tests/can/mit-pkinit-20070607.cf
+/tests/db/have-db
+/tests/db/krb5.conf
+/tests/db/krb5.conf-sqlite
+/tests/gss/krb5.conf
+/tests/java/krb5.conf
+/tests/kdc/krb5-pkinit-win.conf
+/tests/kdc/krb5-pkinit.conf
+/tests/kdc/krb5-slave.conf
+/tests/kdc/krb5-weak.conf
+/tests/kdc/krb5.conf
+/tests/ldap/krb5.conf
+/tests/plugin/krb5.conf
+/tools/heimdal-gssapi.pc
+/tools/krb5-config

LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 1995 - 2008 Kungliga Tekniska Högskolan
+Copyright (c) 1995 - 2011 Kungliga Tekniska Högskolan
 (Royal Institute of Technology, Stockholm, Sweden). 
 All rights reserved. 
 

Makefile.am

@@ -6,13 +6,21 @@ if KCM
 kcm_dir = kcm
 endif
 
-SUBDIRS=  include lib kuser kdc admin kadmin kpasswd 
-SUBDIRS+= $(kcm_dir) appl doc tools tests packages etc po
+SUBDIRS=  include base lib kuser kdc admin kadmin kpasswd 
+SUBDIRS+= $(kcm_dir) appl tools tests packages etc po
+
+if HEIMDAL_DOCUMENTATION
+SUBDIRS+= doc
+endif
+
+
 
 ## ACLOCAL = @ACLOCAL@ -I cf
 ACLOCAL_AMFLAGS = -I cf
 
 EXTRA_DIST = \
+	NTMakefile \
+	windows \
 	TODO \
 	LICENSE \
 	README \

NEWS

@@ -1,14 +1,80 @@
+Release Notes - Heimdal - Version Heimdal 1.5.1
+
+ Bug fixes
+ - Fix building on Solaris, requires c99
+ - Fix building on Windows
+ - Build system updates
+
+Release Notes - Heimdal - Version Heimdal 1.5
+
+New features
+
+ - Support GSS name extensions/attributes
+ - SHA512 support
+ - No Kerberos 4 support
+ - Basic support for MIT Admin protocol (SECGSS flavor)
+   in kadmind (extract keytab)
+ - Replace editline with libedit
+
+Release Notes - Heimdal - Version Heimdal 1.4
+
+ New features
+ 
+ - Support for reading MIT database file directly
+ - KCM is polished up and now used in production
+ - NTLM first class citizen, credentials stored in KCM
+ - Table driven ASN.1 compiler, smaller!, not enabled by default
+ - Native Windows client support
+
+Notes
+
+ - Disabled write support NDBM hdb backend (read still in there) since
+   it can't handle large records, please migrate to a diffrent backend
+   (like BDB4)
+
+Release Notes - Heimdal - Version Heimdal 1.3.3
+
+ Bug fixes
+ - Check the GSS-API checksum exists before trying to use it [CVE-2010-1321]
+ - Check NULL pointers before dereference them [kdc]
+
+Release Notes - Heimdal - Version Heimdal 1.3.2
+
+ Bug fixes
+
+ - Don't mix length when clearing hmac (could memset too much)
+ - More paranoid underrun checking when decrypting packets
+ - Check the password change requests and refuse to answer empty packets
+ - Build on OpenSolaris 
+ - Renumber AD-SIGNED-TICKET since it was stolen from US
+ - Don't cache /dev/*random file descriptor, it doesn't get unloaded
+ - Make C++ safe
+ - Misc warnings
+
+Release Notes - Heimdal - Version Heimdal 1.3.1
+
+ Bug fixes
+
+ - Store KDC offset in credentials
+ - Many many more bug fixes
+
+Release Notes - Heimdal - Version Heimdal 1.3.1
+
+ New features
+
+ - Make work with OpenLDAPs krb5 overlay
+
 Release Notes - Heimdal - Version Heimdal 1.3
 
  New features
 
- - Partital support for MIT kadmind rpc protocol in kadmind
+ - Partial support for MIT kadmind rpc protocol in kadmind
  - Better support for finding keytab entries when using SPN aliases in the KDC
  - Support BER in ASN.1 library (needed for CMS)
  - Support decryption in Keychain private keys
  - Support for new sqlite based credential cache
- - Try both to KDC referals the the common DNS reverse lookup in GSS-API
- - Fix the KCM not not leak resources on failure
+ - Try both KDC referals and the common DNS reverse lookup in GSS-API
+ - Fix the KCM to not leak resources on failure
  - Add IPv6 support to iprop
  - Support localization of error strings in
    kinit/klist/kdestroy and Kerberos library

NTMakefile

@@ -0,0 +1,42 @@
+########################################################################
+#
+# Copyright (c) 2009, Secure Endpoints Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# - Redistributions of source code must retain the above copyright
+#   notice, this list of conditions and the following disclaimer.
+#
+# - Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in
+#   the documentation and/or other materials provided with the
+#   distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+#
+
+!if exist(thirdparty/NTMakefile)
+thirdparty=thirdparty
+!endif
+
+SUBDIRS = include lib\roken base lib kuser kdc admin kadmin kpasswd appl doc \
+	tools tests packages etc $(thirdparty) packages\windows\installer
+
+!include windows/NTMakefile.w32
+
+all::
+	@echo Build finished succesfully

README

@@ -1,12 +1,12 @@
 
 Heimdal is a Kerberos 5 implementation.
 
-Please see the manual in doc, by default installed in
-/usr/heimdal/info/heimdal.info for information on how to install.
-There are also briefer man pages for most of the commands.
+For information how to install see <http://www.h5l.org/compile.html>.
+
+There are briefer man pages for most of the commands.
 
 Bug reports and bugs are appreciated, see more under Bug reports in
-the manual on how we prefer them.
+the manual on how we prefer them: <heimdal-bugs@h5l.org>.
 
 For more information see the web-page at
 <http://www.h5l.org/> or the mailing lists:

README.fast

@@ -0,0 +1,17 @@
+
+-- in order of preference
+
+- client: support KRB5_PADATA_ENCRYPTED_CHALLENGE in lib/krb5/init_creds_pw.c
+- client: don't support ENC-TS in FAST
+
+- client: plugin support for fast plugins
+
+- kdc: plugin support for fast plugins
+	partly done with "struct kdc_patypes"
+
+- kcm: support FAST armor ticket
+-- using PK-INIT anonymous
+-- using host key
+
+- client: tgs-req fast support
+- kdc: tgs-req fast support

TODO

@@ -1,49 +1,30 @@
 -*- indented-text -*-
 
-$Id$
-
-* configure
-
-* appl
-
-** appl/popper
-
-* doc
-
-* kdc
-
-* kadmin
-
-* kpasswdd
-
-* lib
-
-** lib/asn1
-
-** lib/auth
-
-** lib/auth/sia
-
-** lib/com_err
-
-** lib/des
-
 ** lib/gssapi
 
 cache delegation credentials to avoid hitting the kdc ?  require time
 stampless tickets, and was supported in the recv'ing end with 0.6.1.
 
-** lib/hdb
+make iov work for arcfour
+
+make iov work for ntlm
+
+interop test
+
+make TYPE_STREAM work
 
 ** lib/kadm5
 
 add policies?
 
-fix to use rpc?
-
 ** lib/krb5
 
 verify_user: handle non-secure verification failing because of
 host->realm mapping
 
-** lib/roken
+* windows stuff
+
+-- drop all double negation #ifndef NO_
+-- got though windows specific ifdefs to minimized them
+-- switch to use heim-ipc for services, like the kadmin change notification socket
+-- Unify lib/krb5/expand_path_w32.c

TODO-iov

@@ -1,5 +0,0 @@
-
-make iov work for arcfour
-make iov work for ntlm
-interop test
-make TYPE_STREAM work

admin/Makefile.am

@@ -4,8 +4,6 @@ include $(top_srcdir)/Makefile.am.common
 
 AM_CPPFLAGS += $(INCLUDE_readline) $(INCLUDE_hcrypto)
 
-SLC = $(top_builddir)/lib/sl/slc
-
 man_MANS = ktutil.8
 
 sbin_PROGRAMS = ktutil
@@ -42,4 +40,4 @@ LDADD = \
 	$(LIB_readline) \
 	$(LIB_roken)
 
-EXTRA_DIST = $(man_MANS) ktutil-commands.in
+EXTRA_DIST = NTMakefile ktutil-version.rc $(man_MANS) ktutil-commands.in

admin/NTMakefile

@@ -0,0 +1,74 @@
+########################################################################
+#
+# Copyright (c) 2009, Secure Endpoints Inc.
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 
+# - Redistributions of source code must retain the above copyright
+#   notice, this list of conditions and the following disclaimer.
+# 
+# - Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in
+#   the documentation and/or other materials provided with the
+#   distribution.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# 
+
+RELDIR=admin 
+cincdirs=$(cincdirs) -I$(OBJ)
+!include ../windows/NTMakefile.w32 
+
+SBINPROGRAMS=$(SBINDIR)\ktutil.exe
+
+KTUTIL_OBJS= \
+	$(OBJ)\add.obj		\
+	$(OBJ)\change.obj	\
+	$(OBJ)\copy.obj		\
+	$(OBJ)\destroy.obj	\
+	$(OBJ)\get.obj		\
+	$(OBJ)\ktutil.obj	\
+	$(OBJ)\ktutil-commands.obj	\
+	$(OBJ)\list.obj		\
+	$(OBJ)\purge.obj	\
+	$(OBJ)\remove.obj	\
+	$(OBJ)\rename.obj
+
+KTUTIL_LIBS= \
+	$(LIBHEIMDAL)	\
+	$(LIBKADM5SRV)	\
+	$(LIBSL)	\
+	$(LIBROKEN)	\
+	$(LIBVERS)
+
+$(SBINDIR)\ktutil.exe: $(KTUTIL_OBJS) $(KTUTIL_LIBS) $(OBJ)\ktutil-version.res
+	$(EXECONLINK)
+	$(EXEPREP)
+
+$(OBJ)\ktutil-commands.c $(OBJ)\ktutil-commands.h: ktutil-commands.in
+	cd $(OBJ)
+	$(CP) $(SRCDIR)\ktutil-commands.in $(OBJ)
+	$(BINDIR)\slc.exe ktutil-commands.in
+	cd $(SRCDIR)
+
+INCFILES=\
+	$(OBJ)\ktutil-commands.h
+
+all:: $(INCFILES) $(SBINPROGRAMS)
+
+clean::
+	-$(RM) $(SBINPROGRAMS:.exe=.*)

admin/add.c

@@ -104,7 +104,7 @@ kt_add(struct add_options *opt, int argc, char **argv)
 	if (opt->hex_flag) {
 	    size_t len;
 	    void *data;
-	
+
 	    len = (strlen(opt->password_string) + 1) / 2;
 
 	    data = malloc(len);
@@ -113,7 +113,7 @@ kt_add(struct add_options *opt, int argc, char **argv)
 		goto out;
 	    }
 
-	    if (hex_decode(opt->password_string, data, len) != len) {
+	    if ((size_t)hex_decode(opt->password_string, data, len) != len) {
 		free(data);
 		krb5_warn(context, ENOMEM, "hex decode failed");
 		goto out;

admin/change.c

@@ -73,7 +73,7 @@ change_entry (krb5_keytab keytab,
 	    free(conf.realm);
 	    krb5_set_error_message(context, ENOMEM, "malloc failed");
 	    return ENOMEM;
-	}	
+	}
 	conf.mask |= KADM5_CONFIG_ADMIN_SERVER;
     }
 

admin/get.c

@@ -90,7 +90,8 @@ kt_get(struct get_options *opt, int argc, char **argv)
     void *kadm_handle = NULL;
     krb5_enctype *etypes = NULL;
     size_t netypes = 0;
-    int i, j;
+    size_t i;
+    int a, j;
     unsigned int failed = 0;
 
     if((keytab = ktutil_open_keytab()) == NULL)
@@ -120,7 +121,7 @@ kt_get(struct get_options *opt, int argc, char **argv)
     }
 
 
-    for(i = 0; i < argc; i++){
+    for(a = 0; a < argc; a++){
 	krb5_principal princ_ent;
 	kadm5_principal_ent_rec princ;
 	int mask = 0;
@@ -129,9 +130,9 @@ kt_get(struct get_options *opt, int argc, char **argv)
 	int created = 0;
 	krb5_keytab_entry entry;
 
-	ret = krb5_parse_name(context, argv[i], &princ_ent);
+	ret = krb5_parse_name(context, argv[a], &princ_ent);
 	if (ret) {
-	    krb5_warn(context, ret, "can't parse principal %s", argv[i]);
+	    krb5_warn(context, ret, "can't parse principal %s", argv[a]);
 	    failed++;
 	    continue;
 	}
@@ -156,28 +157,28 @@ kt_get(struct get_options *opt, int argc, char **argv)
 	    if(kadm_handle == NULL)
 		break;
 	}
-	
+
 	ret = kadm5_create_principal(kadm_handle, &princ, mask, "x");
 	if(ret == 0)
 	    created = 1;
 	else if(ret != KADM5_DUP) {
-	    krb5_warn(context, ret, "kadm5_create_principal(%s)", argv[i]);
+	    krb5_warn(context, ret, "kadm5_create_principal(%s)", argv[a]);
 	    krb5_free_principal(context, princ_ent);
 	    failed++;
 	    continue;
 	}
 	ret = kadm5_randkey_principal(kadm_handle, princ_ent, &keys, &n_keys);
 	if (ret) {
-	    krb5_warn(context, ret, "kadm5_randkey_principal(%s)", argv[i]);
+	    krb5_warn(context, ret, "kadm5_randkey_principal(%s)", argv[a]);
 	    krb5_free_principal(context, princ_ent);
 	    failed++;
 	    continue;
 	}
-	
+
 	ret = kadm5_get_principal(kadm_handle, princ_ent, &princ,
 			      KADM5_PRINCIPAL | KADM5_KVNO | KADM5_ATTRIBUTES);
 	if (ret) {
-	    krb5_warn(context, ret, "kadm5_get_principal(%s)", argv[i]);
+	    krb5_warn(context, ret, "kadm5_get_principal(%s)", argv[a]);
 	    for (j = 0; j < n_keys; j++)
 		krb5_free_keyblock_contents(context, &keys[j]);
 	    krb5_free_principal(context, princ_ent);
@@ -185,7 +186,7 @@ kt_get(struct get_options *opt, int argc, char **argv)
 	    continue;
 	}
 	if(!created && (princ.attributes & KRB5_KDB_DISALLOW_ALL_TIX))
-	    krb5_warnx(context, "%s: disallow-all-tix flag set - clearing", argv[i]);
+	    krb5_warnx(context, "%s: disallow-all-tix flag set - clearing", argv[a]);
 	princ.attributes &= (~KRB5_KDB_DISALLOW_ALL_TIX);
 	mask = KADM5_ATTRIBUTES;
 	if(created) {
@@ -194,7 +195,7 @@ kt_get(struct get_options *opt, int argc, char **argv)
 	}
 	ret = kadm5_modify_principal(kadm_handle, &princ, mask);
 	if (ret) {
-	    krb5_warn(context, ret, "kadm5_modify_principal(%s)", argv[i]);
+	    krb5_warn(context, ret, "kadm5_modify_principal(%s)", argv[a]);
 	    for (j = 0; j < n_keys; j++)
 		krb5_free_keyblock_contents(context, &keys[j]);
 	    krb5_free_principal(context, princ_ent);
@@ -205,7 +206,7 @@ kt_get(struct get_options *opt, int argc, char **argv)
 	    int do_add = TRUE;
 
 	    if (netypes) {
-		int k;
+		size_t k;
 
 		do_add = FALSE;
 		for (k = 0; k < netypes; ++k)
@@ -225,7 +226,7 @@ kt_get(struct get_options *opt, int argc, char **argv)
 	    }
 	    krb5_free_keyblock_contents(context, &keys[j]);
 	}
-	
+
 	kadm5_free_principal_ent(kadm_handle, &princ);
 	krb5_free_principal(context, princ_ent);
     }

admin/ktutil-version.rc

@@ -0,0 +1,36 @@
+/***********************************************************************
+ * Copyright (c) 2010, Secure Endpoints Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * - Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ **********************************************************************/
+
+#define RC_FILE_TYPE VFT_APP
+#define RC_FILE_DESC_0409 "Kerberos Keytab Tool"
+#define RC_FILE_ORIG_0409 "ktutil.exe"
+
+#include "../windows/version.rc"

admin/ktutil.8

@@ -1,34 +1,34 @@
 .\" Copyright (c) 1997-2004 Kungliga Tekniska Högskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
 .\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
 .\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
 .\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
 .\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
 .\" $Id$
 .\"
 .Dd April 14, 2005
@@ -40,12 +40,12 @@
 .Sh SYNOPSIS
 .Nm
 .Oo Fl k Ar keytab \*(Ba Xo
-.Fl -keytab= Ns Ar keytab
+.Fl Fl keytab= Ns Ar keytab
 .Xc
 .Oc
-.Op Fl v | Fl -verbose
-.Op Fl -version
-.Op Fl h | Fl -help
+.Op Fl v | Fl Fl verbose
+.Op Fl Fl version
+.Op Fl h | Fl Fl help
 .Ar command
 .Op Ar args
 .Sh DESCRIPTION
@@ -53,72 +53,43 @@
 is a program for managing keytabs.
 Supported options:
 .Bl -tag -width Ds
-.It Xo
-.Fl v ,
-.Fl -verbose
-.Xc
+.It Fl v , Fl Fl verbose
 Verbose output.
 .El
 .Pp
 .Ar command
 can be one of the following:
 .Bl -tag -width srvconvert
-.It add Xo
-.Op Fl p Ar principal
-.Op Fl -principal= Ns Ar principal
-.Op Fl V Ar kvno
-.Op Fl -kvno= Ns Ar kvno
-.Op Fl e Ar enctype
-.Op Fl -enctype= Ns Ar enctype
-.Op Fl w Ar password
-.Op Fl -password= Ns Ar password
-.Op Fl r
-.Op Fl -random
-.Op Fl s
-.Op Fl -no-salt
-.Op Fl H
-.Op Fl -hex
-.Xc
+.It add Oo Fl p Ar principal Oc Oo Fl Fl principal= Ns Ar principal Oc \
+Oo Fl V Ar kvno Oc Oo Fl Fl kvno= Ns Ar kvno Oc Oo Fl e Ar enctype Oc \
+Oo Fl Fl enctype= Ns Ar enctype Oc Oo Fl w Ar password Oc \
+Oo Fl Fl password= Ns Ar password Oc Oo Fl r Oc Oo Fl Fl random Oc \
+Oo Fl s Oc Oo Fl Fl no-salt Oc Oo Fl H Oc Op Fl Fl hex
 Adds a key to the keytab. Options that are not specified will be
 prompted for. This requires that you know the password or the hex key of the
 principal to add; if what you really want is to add a new principal to
 the keytab, you should consider the
 .Ar get
 command, which talks to the kadmin server.
-.It change Xo
-.Op Fl r Ar realm
-.Op Fl -realm= Ns Ar realm
-.Op Fl -a Ar host
-.Op Fl -admin-server= Ns Ar host
-.Op Fl -s Ar port
-.Op Fl -server-port= Ns Ar port
-.Xc
+.It change Oo Fl r Ar realm Oc Oo Fl Fl realm= Ns Ar realm Oc \
+Oo Fl Fl a Ar host Oc Oo Fl Fl admin-server= Ns Ar host Oc \
+Oo Fl Fl s Ar port Oc Op Fl Fl server-port= Ns Ar port
 Update one or several keys to new versions.  By default, use the admin
 server for the realm of a keytab entry.  Otherwise it will use the
 values specified by the options.
 .Pp
 If no principals are given, all the ones in the keytab are updated.
-.It copy Xo
-.Ar keytab-src
-.Ar keytab-dest
-.Xc
+.It copy Ar keytab-src Ar keytab-dest
 Copies all the entries from
 .Ar keytab-src
 to
 .Ar keytab-dest .
-.It get Xo
-.Op Fl p Ar admin principal
-.Op Fl -principal= Ns Ar admin principal
-.Op Fl e Ar enctype
-.Op Fl -enctypes= Ns Ar enctype
-.Op Fl r Ar realm
-.Op Fl -realm= Ns Ar realm
-.Op Fl a Ar admin server
-.Op Fl -admin-server= Ns Ar admin server
-.Op Fl s Ar server port
-.Op Fl -server-port= Ns Ar server port
-.Ar principal ...
-.Xc
+.It get Oo Fl p Ar admin principal Oc \
+Oo Fl Fl principal= Ns Ar admin principal Oc Oo Fl e Ar enctype Oc \
+Oo Fl Fl enctypes= Ns Ar enctype Oc Oo Fl r Ar realm Oc \
+Oo Fl Fl realm= Ns Ar realm Oc Oo Fl a Ar admin server Oc \
+Oo Fl Fl admin-server= Ns Ar admin server Oc Oo Fl s Ar server port Oc \
+Oo Fl Fl server-port= Ns Ar server port Oc Ar principal ...
 For each
 .Ar principal ,
 generate a new key for it (creating it if it doesn't already exist),
@@ -128,69 +99,26 @@ If no
 .Ar realm
 is specified, the realm to operate on is taken from the first
 principal.
-.It list Xo
-.Op Fl -keys
-.Op Fl -timestamp
-.Xc
+.It list Oo Fl Fl keys Oc Op Fl Fl timestamp
 List the keys stored in the keytab.
-.It remove Xo
-.Op Fl p Ar principal
-.Op Fl -principal= Ns Ar principal
-.Op Fl V kvno
-.Op Fl -kvno= Ns Ar kvno
-.Op Fl e enctype
-.Op Fl -enctype= Ns Ar enctype
-.Xc
+.It remove Oo Fl p Ar principal Oc Oo Fl Fl principal= Ns Ar principal Oc \
+Oo Fl V kvno Oc Oo Fl Fl kvno= Ns Ar kvno Oc Oo Fl e enctype Oc \
+Oo Fl Fl enctype= Ns Ar enctype Oc
 Removes the specified key or keys. Not specifying a
 .Ar kvno
 removes keys with any version number. Not specifying an
 .Ar enctype
 removes keys of any type.
-.It rename Xo
-.Ar from-principal
-.Ar to-principal
-.Xc
+.It rename Ar from-principal Ar to-principal
 Renames all entries in the keytab that match the
 .Ar from-principal
 to
 .Ar to-principal .
-.It purge Xo
-.Op Fl -age= Ns Ar age
-.Xc
+.It purge Op Fl Fl age= Ns Ar age
 Removes all old versions of a key for which there is a newer version
 that is at least
 .Ar age
 (default one week) old.
-.It srvconvert
-.It srv2keytab Xo
-.Op Fl s Ar srvtab
-.Op Fl -srvtab= Ns Ar srvtab
-.Xc
-Converts the version 4 srvtab in
-.Ar srvtab
-to a version 5 keytab and stores it in
-.Ar keytab .
-Identical to:
-.Bd -ragged -offset indent
-.Li ktutil copy
-.Li krb4: Ns Ar srvtab
-.Ar keytab
-.Ed
-.It srvcreate
-.It key2srvtab Xo
-.Op Fl s Ar srvtab
-.Op Fl -srvtab= Ns Ar srvtab
-.Xc
-Converts the version 5 keytab in
-.Ar keytab
-to a version 4 srvtab and stores it in
-.Ar srvtab .
-Identical to:
-.Bd -ragged -offset indent
-.Li ktutil copy
-.Ar keytab
-.Li krb4: Ns Ar srvtab
-.Ed
 .El
 .Sh SEE ALSO
 .Xr kadmin 8

admin/ktutil.c

@@ -52,7 +52,7 @@ static struct getargs args[] = {
 	NULL
     },
     {
-	"help",	
+	"help",
 	'h',
 	arg_flag,
 	&help_flag,
@@ -60,7 +60,7 @@ static struct getargs args[] = {
 	NULL
     },
     {
-	"keytab",	
+	"keytab",
 	'k',
 	arg_string,
 	&keytab_string,
@@ -101,7 +101,7 @@ ktutil_open_keytab(void)
     }
     if (verbose_flag)
 	fprintf (stderr, "Using keytab %s\n", keytab_string);
-	
+
     return keytab;
 }
 
@@ -118,8 +118,11 @@ help(void *opt, int argc, char **argv)
 		     argv[0]);
 	} else {
 	    if(c->func) {
-		char *fake[] = { NULL, "--help", NULL };
+		char shelp[] = "--help";
+		char *fake[3];
 		fake[0] = argv[0];
+		fake[1] = shelp;
+		fake[2] = NULL;
 		(*c->func)(2, fake);
 		fprintf(stderr, "\n");
 	    }

admin/list.c

@@ -76,7 +76,7 @@ do_list(struct list_options *opt, const char *keytab_str)
     }
 
     printf ("%s:\n\n", keytab_str);
-	
+
     table = rtbl_create();
     rtbl_add_column_by_id(table, 0, "Vno", RTBL_ALIGN_RIGHT);
     rtbl_add_column_by_id(table, 1, "Type", 0);
@@ -113,7 +113,7 @@ do_list(struct list_options *opt, const char *keytab_str)
 	    rtbl_add_column_entry_by_id(table, 3, buf);
 	}
 	if(opt->keys_flag) {
-	    int i;
+	    size_t i;
 	    s = malloc(2 * entry.keyblock.keyvalue.length + 1);
 	    if (s == NULL) {
 		krb5_warnx(context, "malloc failed");
@@ -129,12 +129,12 @@ do_list(struct list_options *opt, const char *keytab_str)
 	if (entry.aliases) {
 	    unsigned int i;
 	    struct rk_strpool *p = NULL;
-	    
+
 	    for (i = 0; i< entry.aliases->len; i++) {
 		krb5_unparse_name_fixed(context, entry.principal, buf, sizeof(buf));
 		rk_strpoolprintf(p, "%s%s", buf,
 				 i + 1 < entry.aliases->len ? ", " : "");
-		
+
 	    }
 	    rtbl_add_column_entry_by_id(table, 5, rk_strpoolcollect(p));
 	}

appl/Makefile.am

@@ -10,6 +10,7 @@ dir_dce = dceutils
 endif
 SUBDIRS = 					\
 	  afsutil				\
+	  dbutils				\
 	  ftp					\
 	  login					\
 	  $(dir_otp)				\
@@ -25,3 +26,5 @@ SUBDIRS = 					\
 	  kx					\
 	  kf					\
 	  $(dir_dce)
+
+EXTRA_DIST = NTMakefile

appl/NTMakefile

@@ -0,0 +1,35 @@
+########################################################################
+#
+# Copyright (c) 2009, Secure Endpoints Inc.
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 
+# - Redistributions of source code must retain the above copyright
+#   notice, this list of conditions and the following disclaimer.
+# 
+# - Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in
+#   the documentation and/or other materials provided with the
+#   distribution.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# 
+
+RELDIR=appl 
+
+!include ../windows/NTMakefile.w32 
+

appl/afsutil/Makefile.am

@@ -2,8 +2,6 @@
 
 include $(top_srcdir)/Makefile.am.common
 
-AM_CPPFLAGS += $(INCLUDE_krb4)
-
 bin_PROGRAMS = afslog pagsh
 
 afslog_SOURCES = afslog.c
@@ -13,10 +11,9 @@ pagsh_SOURCES  = pagsh.c
 man_MANS = afslog.1 pagsh.1
 
 LDADD = $(LIB_kafs) \
-	$(LIB_krb4) \
 	$(top_builddir)/lib/krb5/libkrb5.la \
 	$(top_builddir)/lib/asn1/libasn1.la \
 	$(LIB_hcrypto) \
 	$(LIB_roken)
 
-EXTRA_DIST = $(man_MANS)
+EXTRA_DIST = NTMakefile $(man_MANS)

appl/afsutil/NTMakefile

@@ -0,0 +1,35 @@
+########################################################################
+#
+# Copyright (c) 2009, Secure Endpoints Inc.
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 
+# - Redistributions of source code must retain the above copyright
+#   notice, this list of conditions and the following disclaimer.
+# 
+# - Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in
+#   the documentation and/or other materials provided with the
+#   distribution.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# 
+
+RELDIR=appl\afsutil 
+
+!include ../../windows/NTMakefile.w32 
+

appl/afsutil/afslog.1

@@ -1,34 +1,34 @@
 .\" Copyright (c) 2002 - 2007 Kungliga Tekniska Högskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
 .\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
 .\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
 .\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
 .\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
 .\" $Id$
 .\"
 .Dd November 26, 2002
@@ -36,31 +36,30 @@
 .Os HEIMDAL
 .Sh NAME
 .Nm afslog
-.Nd
-obtain AFS tokens
+.Nd obtain AFS tokens
 .Sh SYNOPSIS
 .Nm
-.Op Fl h | Fl -help
-.Op Fl -no-v4
-.Op Fl -no-v5
-.Op Fl u | Fl -unlog
-.Op Fl v | Fl -verbose
-.Op Fl -version
+.Op Fl h | Fl Fl help
+.Op Fl Fl no-v4
+.Op Fl Fl no-v5
+.Op Fl u | Fl Fl unlog
+.Op Fl v | Fl Fl verbose
+.Op Fl Fl version
 .Oo Fl c Ar cell \*(Ba Xo
-.Fl -cell= Ns Ar cell
+.Fl Fl cell= Ns Ar cell
 .Xc
 .Oc
 .Oo Fl k Ar realm \*(Ba Xo
-.Fl -realm= Ns Ar realm
+.Fl Fl realm= Ns Ar realm
 .Xc
 .Oc
 .Oo Fl P Ar principal \*(Ba Xo
-.Fl -principal= Ns Ar principal
+.Fl Fl principal= Ns Ar principal
 .Xc
 .Oc
 .Bk -words
 .Oo Fl p Ar path \*(Ba Xo
-.Fl -file= Ns Ar path
+.Fl Fl file= Ns Ar path
 .Xc
 .Oc
 .Ek
@@ -71,57 +70,57 @@ obtains AFS tokens for a number of cells. What cells to get tokens for
 can either be specified as an explicit list, as file paths to get
 tokens for, or be left unspecified, in which case
 .Nm
-will use whatever magic 
+will use whatever magic
 .Xr krb_afslog 3
 decides upon.
 .Pp
 Supported options:
 .Bl -tag -width Ds
-.It Fl -no-v4
+.It Fl Fl no-v4
 This makes
 .Nm
 not try using Kerberos 4.
-.It Fl -no-v5
+.It Fl Fl no-v5
 This makes
 .Nm
 not try using Kerberos 5.
 .It Xo
 .Fl P Ar principal ,
-.Fl -principal Ar principal
+.Fl Fl principal Ar principal
 .Xc
 select what Kerberos 5 principal to use.
-.It Fl -cache Ar cache
+.It Fl Fl cache Ar cache
 select what Kerberos 5 credential cache to use.
-.Fl -principal
+.Fl Fl principal
 overrides this option.
 .It Xo
 .Fl u ,
-.Fl -unlog
+.Fl Fl unlog
 .Xc
 Destroy tokens instead of obtaining new. If this is specified, all
 other options are ignored (except for
-.Fl -help
+.Fl Fl help
 and
-.Fl -version ) .
+.Fl Fl version ) .
 .It Xo
 .Fl v ,
-.Fl -verbose
+.Fl Fl verbose
 .Xc
 Adds more verbosity for what is actually going on.
 .It Xo
 .Fl c Ar cell,
-.Fl -cell= Ns Ar cell
+.Fl Fl cell= Ns Ar cell
 .Xc
 This specified one or more cell names to get tokens for.
 .It Xo
 .Fl k Ar realm ,
-.Fl -realm= Ns Ar realm
+.Fl Fl realm= Ns Ar realm
 .Xc
 This is the Kerberos realm the AFS servers live in, this should
 normally not be specified.
 .It Xo
 .Fl p Ar path ,
-.Fl -file= Ns Ar path
+.Fl Fl file= Ns Ar path
 .Xc
 This specified one or more file paths for which tokens should be
 obtained.
@@ -132,22 +131,22 @@ Instead of using
 and
 .Fl p ,
 you may also pass a list of cells and file paths after any other
-options. These arguments are considered files if they are either 
+options. These arguments are considered files if they are either
 the strings
 .Do . Dc
 or
-.Dq .. 
+.Dq ..
 or they contain a slash, or if there exists a file by that name.
 .Sh EXAMPLES
-Assuming that there is no file called 
+Assuming that there is no file called
 .Dq openafs.org
-in the current directory, and that 
+in the current directory, and that
 .Pa /afs/openafs.org
 points to that cell, the follwing should be identical:
 .Bd -literal -offset indent
 $ afslog -c openafs.org
 $ afslog openafs.org
 $ afslog /afs/openafs.org/some/file
-.Ed 
+.Ed
 .Sh SEE ALSO
 .Xr krb_afslog 3

appl/afsutil/afslog.c

@@ -180,9 +180,9 @@ afslog_file(const char *path)
 static int
 do_afslog(const char *cell)
 {
-    int k5ret, k4ret;
+    int k5ret;
 
-    k5ret = k4ret = 0;
+    k5ret = 0;
 
 #ifdef KRB5
     if(context != NULL && id != NULL && use_krb5) {
@@ -195,9 +195,9 @@ do_afslog(const char *cell)
 	cell = "<default cell>";
 #ifdef KRB5
     if (k5ret)
-	warnx("krb5_afslog(%s): %s", cell, krb5_get_err_text(context, k5ret));
+	krb5_warn(context, k5ret, "krb5_afslog(%s)", cell);
 #endif
-    if (k5ret || k4ret)
+    if (k5ret)
 	return 1;
     return 0;
 }

appl/afsutil/pagsh.1

@@ -1,34 +1,34 @@
 .\" Copyright (c) 2005 Kungliga Tekniska Högskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
 .\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
 .\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
 .\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
 .\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
 .\" $Id$
 .\"
 .Dd February 12, 2005
@@ -36,44 +36,45 @@
 .Os Heimdal
 .Sh NAME
 .Nm pagsh
-.Nd
-creates a new credential cache sandbox
+.Nd creates a new credential cache sandbox
 .Sh SYNOPSIS
 .Nm
-.Op Fl c
-.Op Fl h | Fl -help
-.Op Fl -version
-.Op Fl -cache-type= Ns Ar string
+.Op Fl c Ar command-string
+.Op Fl h | Fl Fl help
+.Op Fl Fl version
+.Op Fl Fl cache-type= Ns Ar string
 .Ar command [args...]
 .Sh DESCRIPTION
 Supported options:
 .Bl -tag -width Ds
 .It Xo
-.Fl c
+.Fl c Ar command-string
+Executes command(s) contained in
+.Ar command-string .
 .Xc
 .It Xo
-.Fl -cache-type= Ns Ar string
+.Fl Fl cache-type= Ns Ar string
 .Xc
 .It Xo
 .Fl h ,
-.Fl -help
+.Fl Fl help
 .Xc
 .It Xo
-.Fl -version
+.Fl Fl version
 .Xc
 .El
 .Pp
 .Nm
 creates a new credential cache sandbox for the user to live in.
 If AFS is installed on the computer, the user is put in a newly
-created PAG.
+created Process Authentication Group (PAG).
 .Pp
 For Kerberos 5, the credential cache type that is used is the same as
 the credential cache type that was used at the time of
 .Nm
 invocation.
 The credential cache type can be controlled by the option
-.Fl -cache-type .
+.Fl Fl cache-type .
 .Sh EXAMPLES
 Create a new sandbox where new credentials can be used, while the old
 credentials can be used by other processes.
@@ -89,4 +90,5 @@ $ klist
 klist: No ticket file: /tmp/krb5cc_03014a
 .Ed
 .Sh SEE ALSO
-.Xr afslog 1
+.Xr afslog 1 ,
+.Xr kinit 1

appl/afsutil/pagsh.c

@@ -138,7 +138,7 @@ main(int argc, char **argv)
 	if (name == NULL)
 	    krb5_errx(context, 1, "Generated credential cache have no name");
 
-	snprintf(tf, sizeof(tf), "%s:%s", typename_arg, name);
+	snprintf(tf, sizeof(tf), "%s:%s", krb5_cc_get_type(context, id), name);
 
 	ret = krb5_cc_close(context, id);
 	if (ret)
@@ -169,6 +169,8 @@ main(int argc, char **argv)
 	path = getenv("SHELL");
 	if(path == NULL){
 	    struct passwd *pw = k_getpwuid(geteuid());
+	    if (pw == NULL)
+		errx(1, "no such user: %d", (int)geteuid());
 	    path = strdup(pw->pw_shell);
 	}
     } else {

appl/dbutils/Makefile.am

@@ -0,0 +1,13 @@
+# $Id$
+
+include $(top_srcdir)/Makefile.am.common
+
+bin_PROGRAMS = bsearch
+
+bsearch_SOURCES  = bsearch.c
+
+man_MANS = bsearch.1
+
+EXTRA_DIST = NTMakefile $(man_MANS)
+
+LDADD = $(LIB_roken) $(LIB_vers) $(LIB_heimbase)

appl/dbutils/NTMakefile

@@ -0,0 +1,35 @@
+########################################################################
+#
+# Copyright (c) 2009, Secure Endpoints Inc.
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 
+# - Redistributions of source code must retain the above copyright
+#   notice, this list of conditions and the following disclaimer.
+# 
+# - Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in
+#   the documentation and/or other materials provided with the
+#   distribution.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# 
+
+RELDIR=appl\dbutils 
+
+!include ../../windows/NTMakefile.w32 
+

appl/dbutils/bsearch.1

@@ -0,0 +1,114 @@
+.\"
+.\" Copyright (c) 2011, Secure Endpoints Inc.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" - Redistributions of source code must retain the above copyright
+.\"   notice, this list of conditions and the following disclaimer.
+.\"
+.\" - Redistributions in binary form must reproduce the above copyright
+.\"   notice, this list of conditions and the following disclaimer in
+.\"   the documentation and/or other materials provided with the
+.\"   distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+.\" "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+.\" FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+.\" COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+.\" INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+.\" (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+.\" SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd November 30, 2011
+.Dt BSEARCH 1
+.Os KTH-KRB
+.Sh NAME
+.Nm bsearch
+.Nd manages one-time passwords
+.Sh SYNOPSIS
+.Nm bsearch
+.Op Fl KVvh
+.Op Fl b Ar block-size
+.Op Fl m Ar max-cache-size
+.Ar file
+.Ar [key ...]
+.Sh DESCRIPTION
+The
+.Nm
+program performs binary searches of
+.Ar file
+which must be a sorted flat text file.
+.Pp
+Each line is a record.  Each record starts with a key
+that is optionally followed by whitespace and a value.
+Whitespace may be quoted with a backslash, but newline
+and carriage-return characters must be quoted in some
+other manner (e.g., as backslash-n and backslash-r).
+Escapes are not interpreted nor removed.
+.Pp
+If no key arguments are given on the comman-line, then
+keys will be read from standard input.
+.Pp
+By default only values are printed to standard output.
+Use the -K option to also print keys.  The exit status
+will be non-zero if any key lookups fail.
+.Pp
+Options are:
+.Bl -tag -width Ds
+.It Fl K
+Print keys.
+.It Fl V
+Don't print values.
+.It Fl h
+Print usage and exit.
+.It Fl v
+Print statistic and debug information to standard
+error.
+.Ar file
+A sorted flat text file.  NOTE: use the "C" locale for
+sorting this file, as in "LC_ALL=C sort -u -o file
+file".
+.It Fl h
+For getting a help message.
+.It Fl m
+Set
+.Ar max-cache-size
+as the maximum cache size.  If the
+.Ar file
+is smaller than this size then the whole file will be
+read into memory, else the program will read blocks.
+Defaults to 1MB.
+.It Fl b
+Set
+.Ar block-size
+as the block size for block-wise I/O.  This must be a
+power of 2, must be no smaller than 512 and no larger
+than 1MB.  Defaults to the
+.Ar file's
+filesystem's preferred blocksize.
+.El
+.Sh EXAMPLES
+.Bd -literal -offset indent
+$ env LC_ALL=C sort -o /tmp/words /usr/share/dict/words
+$ bsearch -Kv /tmp/words day
+Using whole-file method
+Key day found at offset 327695 in 12 loops and 0 reads
+day
+$ 
+.Sh NOTES
+.Pp
+Records must not be longer than one block's size.
+.Pp
+Flat text files must be sorted in the "C" locale.  In
+some systems the default locale may result in
+case-insensitive sorting by the sort command.
+.Sh SEE ALSO
+.Xr sort 1

appl/dbutils/bsearch.c

@@ -0,0 +1,205 @@
+/*
+ * Copyright (c) 2011, Secure Endpoints Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * - Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <strings.h>
+#include <errno.h>
+#include <roken.h>
+#include <heimbase.h>
+#include <getarg.h>
+#include <vers.h>
+
+int help_flag;
+int version_flag;
+int verbose_flag;
+int print_keys_flag;
+int no_values_flag;
+int block_size_int;
+int max_size_int;
+
+struct getargs args[] = {
+    { "print-keys",     'K',  arg_flag, &print_keys_flag,
+	"print keys", NULL },
+    { "no-values",      'V',  arg_flag, &no_values_flag,
+	"don't print values", NULL },
+    { "verbose",        'v',  arg_flag, &verbose_flag,
+	"print statistics and informative messages", NULL },
+    { "help",           'h',  arg_flag, &help_flag,
+	"print usage message", NULL },
+    { "block-size",     'b',  arg_integer, &block_size_int,
+	"block size", "integer" },
+    { "max-cache-size", 'm',  arg_integer, &max_size_int,
+	"maximum cache size", "integer" },
+    { "version",        '\0', arg_flag, &version_flag, NULL, NULL }
+};
+
+static int num_args = sizeof(args) / sizeof(args[0]);
+
+static void
+usage(int status)
+{
+    arg_printusage(args, num_args, NULL, "file [key ...]");
+    exit(status);
+}
+
+#define MAX_BLOCK_SIZE (1024 * 1024)
+#define DEFAULT_MAX_FILE_SIZE (1024 * 1024)
+
+int
+main(int argc, char **argv)
+{
+    char keybuf[1024];
+    char *fname;
+    char *key = keybuf;
+    char *value;
+    char *p;
+    bsearch_file_handle bfh = NULL;
+    size_t num;
+    size_t loc;           /* index where record is located or to be inserted */
+    size_t loops;         /* number of loops/comparisons needed for lookup */
+    size_t reads = 0;	  /* number of reads needed for a lookup */
+    size_t failures = 0;  /* number of lookup failures -- for exit status */
+    size_t block_size = 0;
+    size_t max_size = 0;
+    int optidx = 0;
+    int blockwise;
+    int ret = 0;
+
+    setprogname(argv[0]);
+    if (getarg(args, num_args, argc, argv, &optidx))
+	usage(1);
+
+    if (version_flag) {
+	print_version(NULL);
+	return 0;
+    }
+
+    if (help_flag)
+	usage(0);
+
+    if (block_size_int != 0 && block_size_int < 512) {
+	fprintf(stderr, "Invalid block size: too small\n");
+	return 1;
+    }
+    if (block_size_int > 0) {
+	/* Check that block_size is a power of 2 */
+	num = block_size_int;
+	while (num) {
+	    if ((num % 2) && (num >> 1)) {
+		fprintf(stderr, "Invalid block size: must be power "
+			"of two\n");
+		return 1;
+	    }
+	    num >>= 1;
+	}
+	if (block_size_int > MAX_BLOCK_SIZE)
+	    fprintf(stderr, "Invalid block size: too large\n");
+	block_size = block_size_int;
+    }
+    if (max_size_int < 0)
+	usage(1);
+    max_size = max_size_int;
+
+    argc -= optind;
+    argv += optind;
+
+    if (argc == 0)
+	usage(1);
+
+    fname = argv[0];
+    argc--;
+    argv++;
+
+    ret = __bsearch_file_open(fname, max_size, block_size, &bfh, &reads);
+    if (ret != 0) {
+	perror("bsearch_file_open");
+	return 1;
+    }
+
+    __bsearch_file_info(bfh, &block_size, &max_size, &blockwise);
+    if (verbose_flag && blockwise) {
+	fprintf(stderr, "Using block-wise method with block size %lu and "
+		"cache size %lu\n",
+		(long unsigned)block_size, (long unsigned)max_size);
+    } else if (verbose_flag) {
+	fprintf(stderr, "Using whole-file method\n");
+    }
+
+    for (;;) {
+	loops = 0; /* reset stats */
+	/* Eww */
+	if (argc) {
+	    key = *(argv++);
+	    if (!key)
+		break;
+	} else {
+	    if (!fgets(keybuf, sizeof (keybuf), stdin))
+		break;
+	    p = strchr(key, '\n');
+	    if (!p)
+		break;
+	    *p = '\0';
+	    if (!*key)
+		continue;
+	}
+	ret = __bsearch_file(bfh, key, &value, &loc, &loops, &reads);
+	if (ret != 0) {
+	    if (ret > 0) {
+		fprintf(stderr, "Error: %s\n", strerror(ret));
+		__bsearch_file_close(&bfh);
+		return 1;
+	    }
+	    if (verbose_flag)
+		fprintf(stderr, "Key %s not found in %lu loops and %lu reads; "
+			"insert at %lu\n", key, (long unsigned)loops,
+			(long unsigned)reads, (long unsigned)loc);
+	    failures++;
+	    continue;
+	}
+	if (verbose_flag)
+	    fprintf(stderr, "Key %s found at offset %lu in %lu loops and "
+		    "%lu reads\n", key, (long unsigned)loc,
+		    (long unsigned)loops, (long unsigned)reads);
+	if (print_keys_flag && !no_values_flag && value)
+	    printf("%s %s\n", key, value);
+	else if (print_keys_flag)
+	    printf("%s\n", key);
+	else if (no_values_flag && value)
+	    printf("%s\n", value);
+	free(value);
+    }
+    if (failures)
+	return 2;
+    __bsearch_file_close(&bfh);
+    return 0;
+}

appl/dceutils/Makefile.am

@@ -24,6 +24,7 @@ k5dcecon_SOURCES  = k5dcecon.c k5dce.h
 dpagaix_SOURCES = dpagaix.c
 
 EXTRA_DIST = \
+	NTMakefile \
 	dfspag.exp \
 	README.dcedfs \
 	README.original \

appl/dceutils/NTMakefile

@@ -0,0 +1,35 @@
+########################################################################
+#
+# Copyright (c) 2009, Secure Endpoints Inc.
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 
+# - Redistributions of source code must retain the above copyright
+#   notice, this list of conditions and the following disclaimer.
+# 
+# - Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in
+#   the documentation and/or other materials provided with the
+#   distribution.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# 
+
+RELDIR=appl\dceutils 
+
+!include ../../windows/NTMakefile.w32 
+

appl/dceutils/k5dce.h

@@ -55,7 +55,7 @@ typedef unsigned char   krb5_octet;
 typedef krb5_octet      krb5_boolean;
 typedef krb5short       krb5_keytype; /* in k5.2 it's a short */
 typedef krb5_int32      krb5_flags;
-typedef krb5_int32  krb5_timestamp;
+typedef krb5_int32  krb5_timestamp; /* is a time_t in krb5.h */
 
 typedef char * krb5_pointer;  /* pointer to unexposed data */
 

appl/dceutils/k5dcecon.c

@@ -601,7 +601,7 @@ int k5dcecreate(luid, luser, pname, krbtgt)
 				"Error while adding credentials for %s because %s\n",
 				username, err_string);
 	    goto abort;
-	  }	
+	  }
 	  DEEDEBUG("validating and certifying\n");
 	  /*
 	   * Now "validate" and certify the identity,

appl/ftp/Makefile.am

@@ -3,3 +3,5 @@
 include $(top_srcdir)/Makefile.am.common
 
 SUBDIRS = common ftp ftpd
+
+EXTRA_DIST = NTMakefile

appl/ftp/NTMakefile

@@ -0,0 +1,35 @@
+########################################################################
+#
+# Copyright (c) 2009, Secure Endpoints Inc.
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 
+# - Redistributions of source code must retain the above copyright
+#   notice, this list of conditions and the following disclaimer.
+# 
+# - Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in
+#   the documentation and/or other materials provided with the
+#   distribution.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# 
+
+RELDIR=appl\ftp 
+
+!include ../../windows/NTMakefile.w32 
+

appl/ftp/common/Makefile.am

@@ -2,11 +2,11 @@
 
 include $(top_srcdir)/Makefile.am.common
 
-AM_CPPFLAGS += $(INCLUDE_krb4) 
-
 noinst_LIBRARIES = libcommon.a
 
 libcommon_a_SOURCES = \
 	sockbuf.c \
 	buffer.c \
 	common.h
+
+EXTRA_DIST = NTMakefile

appl/ftp/common/NTMakefile

@@ -0,0 +1,35 @@
+########################################################################
+#
+# Copyright (c) 2009, Secure Endpoints Inc.
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 
+# - Redistributions of source code must retain the above copyright
+#   notice, this list of conditions and the following disclaimer.
+# 
+# - Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in
+#   the documentation and/or other materials provided with the
+#   distribution.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# 
+
+RELDIR=appl\ftp\common 
+
+!include ../../../windows/NTMakefile.w32 
+

appl/ftp/ftp/Makefile.am

@@ -41,4 +41,4 @@ LDADD = \
 	$(LIB_roken) \
 	$(LIB_readline)
 
-EXTRA_DIST = $(man_MANS)
+EXTRA_DIST = NTMakefile $(man_MANS)

appl/ftp/ftp/NTMakefile

@@ -0,0 +1,35 @@
+########################################################################
+#
+# Copyright (c) 2009, Secure Endpoints Inc.
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 
+# - Redistributions of source code must retain the above copyright
+#   notice, this list of conditions and the following disclaimer.
+# 
+# - Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in
+#   the documentation and/or other materials provided with the
+#   distribution.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# 
+
+RELDIR=appl\ftp\ftp 
+
+!include ../../../windows/NTMakefile.w32 
+

appl/ftp/ftp/cmds.c

@@ -987,7 +987,7 @@ setprompt(int argc, char **argv)
 void
 setglob(int argc, char **argv)
 {
-	
+
 	doglob = !doglob;
 	printf("Globbing %s.\n", onoff(doglob));
 	code = doglob;
@@ -1759,6 +1759,11 @@ setnmap(int argc, char **argv)
 	mapflag = 1;
 	code = 1;
 	cp = strchr(altarg, ' ');
+	if (cp == NULL) {
+		printf("Usage: %s missing space\n",argv[0]);
+		code = -1;
+		return;
+	}
 	if (proxy) {
 		while(*++cp == ' ')
 			continue;

appl/ftp/ftp/cmdtab.c

@@ -196,7 +196,7 @@ struct cmd cmdtab[] = {
 #if defined(KRB5)
 	{ "afslog",	afsloghelp,	0,	1,	0,	afslog },
 #endif
-	
+
 	{ 0 },
 };
 

appl/ftp/ftp/ftp.1

@@ -53,8 +53,8 @@ file transfer program
 .Op Fl t
 .Op Fl v
 .Op Fl x
-.Op Fl -no-gss-bindings
-.Op Fl -no-gss-delegate
+.Op Fl Fl no-gss-bindings
+.Op Fl Fl no-gss-delegate
 .Op Ar host
 .Sh DESCRIPTION
 .Nm
@@ -103,10 +103,10 @@ Turn on passive mode.
 Enables debugging.
 .It Fl g
 Disables file name globbing.
- .It Fl -no-gss-bindings
+ .It Fl Fl no-gss-bindings
 Don't use GSS-API bindings when talking to peer. IP addresses will not
 be checked to ensure they match.
-.It Fl -no-gss-delegate
+.It Fl Fl no-gss-delegate
 Disable delegation of GSSAPI credentials.
 .It Fl l
 Disables command line editing.

appl/ftp/ftp/ftp.c

@@ -89,7 +89,7 @@ hookup (const char *host, int port)
 	    strlcpy (hostnamebuf, a->ai_canonname, sizeof(hostnamebuf));
 
 	memcpy (hisctladdr, a->ai_addr, a->ai_addrlen);
-	
+
 	error = connect (s, a->ai_addr, a->ai_addrlen);
 	if (error < 0) {
 	    char addrstr[256];
@@ -98,7 +98,7 @@ hookup (const char *host, int port)
 			     addrstr, sizeof(addrstr),
 			     NULL, 0, NI_NUMERICHOST) != 0)
 		strlcpy (addrstr, "unknown address", sizeof(addrstr));
-			
+
 	    warn ("connect %s", addrstr);
 	    close (s);
 	    s = -1;
@@ -622,7 +622,7 @@ copy_stream (FILE * from, FILE * to)
 		    goto try_read;
 		break;
 	    }
-		
+
 	    res = sec_write (fileno (to), chunk, len);
 	    if (msync (chunk, len, MS_ASYNC))
 		warn ("msync");
@@ -678,7 +678,7 @@ sendrequest (char *cmd, char *local, char *remote, char *lmode, int printnames)
     char *rmode = "w";
 
     if (verbose && printnames) {
-	if (local && strcmp (local, "-") != 0)
+	if (strcmp (local, "-") != 0)
 	    printf ("local: %s ", local);
 	if (remote)
 	    printf ("remote: %s\n", remote);
@@ -909,7 +909,7 @@ recvrequest (char *cmd, char *local, char *remote,
 
     is_retr = strcmp (cmd, "RETR") == 0;
     if (is_retr && verbose && printnames) {
-	if (local && strcmp (local, "-") != 0)
+	if (strcmp (local, "-") != 0)
 	    printf ("local: %s ", local);
 	if (remote)
 	    printf ("remote: %s\n", remote);
@@ -936,7 +936,7 @@ recvrequest (char *cmd, char *local, char *remote,
 	return;
     }
     oldintr = signal (SIGINT, abortrecv);
-    if (!local_given || (strcmp (local, "-") && *local != '|')) {
+    if (!local_given || (strcmp(local, "-") && *local != '|')) {
 	if (access (local, 2) < 0) {
 	    char *dir = strrchr (local, '/');
 

appl/ftp/ftp/gssapi.c

@@ -45,9 +45,9 @@ RCSID("$Id$");
 int ftp_do_gss_bindings = 0;
 int ftp_do_gss_delegate = 1;
 
-struct gss_data {
+struct gssapi_data {
     gss_ctx_id_t context_hdl;
-    char *client_name;
+    gss_name_t client_name;
     gss_cred_id_t delegated_cred_handle;
     void *mech_data;
 };
@@ -55,7 +55,7 @@ struct gss_data {
 static int
 gss_init(void *app_data)
 {
-    struct gss_data *d = app_data;
+    struct gssapi_data *d = app_data;
     d->context_hdl = GSS_C_NO_CONTEXT;
     d->delegated_cred_handle = GSS_C_NO_CREDENTIAL;
 #if defined(FTP_SERVER)
@@ -85,7 +85,7 @@ gss_decode(void *app_data, void *buf, int len, int level)
     gss_buffer_desc input, output;
     gss_qop_t qop_state;
     int conf_state;
-    struct gss_data *d = app_data;
+    struct gssapi_data *d = app_data;
     size_t ret_len;
 
     input.length = len;
@@ -114,20 +114,21 @@ gss_overhead(void *app_data, int level, int len)
 static int
 gss_encode(void *app_data, void *from, int length, int level, void **to)
 {
-    OM_uint32 maj_stat, min_stat;
+    OM_uint32 min_stat;
     gss_buffer_desc input, output;
     int conf_state;
-    struct gss_data *d = app_data;
+    struct gssapi_data *d = app_data;
 
     input.length = length;
     input.value = from;
-    maj_stat = gss_wrap (&min_stat,
-			 d->context_hdl,
-			 level == prot_private,
-			 GSS_C_QOP_DEFAULT,
-			 &input,
-			 &conf_state,
-			 &output);
+    /* XXX We should really display the major status... */
+    (void) gss_wrap(&min_stat,
+		    d->context_hdl,
+		    level == prot_private,
+		    GSS_C_QOP_DEFAULT,
+		    &input,
+		    &conf_state,
+		    &output);
     *to = output.value;
     return output.length;
 }
@@ -158,7 +159,7 @@ sockaddr_to_gss_address (struct sockaddr *sa,
     }
     default :
 	errx (1, "unknown address family %d", sa->sa_family);
-	
+
     }
 }
 
@@ -173,7 +174,7 @@ gss_adat(void *app_data, void *buf, size_t len)
     gss_buffer_desc input_token, output_token;
     OM_uint32 maj_stat, min_stat;
     gss_name_t client_name;
-    struct gss_data *d = app_data;
+    struct gssapi_data *d = app_data;
     gss_channel_bindings_t bindings;
 
     if (ftp_do_gss_bindings) {
@@ -187,7 +188,7 @@ gss_adat(void *app_data, void *buf, size_t len)
 	sockaddr_to_gss_address (ctrl_addr,
 				 &bindings->acceptor_addrtype,
 				 &bindings->acceptor_address);
-	
+
 	bindings->application_data.length = 0;
 	bindings->application_data.value = NULL;
     } else
@@ -219,32 +220,8 @@ gss_adat(void *app_data, void *buf, size_t len)
 	gss_release_buffer(&min_stat, &output_token);
     }
     if(maj_stat == GSS_S_COMPLETE){
-	char *name;
-	gss_buffer_desc export_name;
-	gss_OID oid;
-
-	maj_stat = gss_display_name(&min_stat, client_name,
-				    &export_name, &oid);
-	if(maj_stat != 0) {
-	    reply(500, "Error displaying name");
-	    goto out;
-	}
-	/* XXX kerberos */
-	if(oid != GSS_KRB5_NT_PRINCIPAL_NAME) {
-	    reply(500, "OID not kerberos principal name");
-	    gss_release_buffer(&min_stat, &export_name);
-	    goto out;
-	}
-	name = malloc(export_name.length + 1);
-	if(name == NULL) {
-	    reply(500, "Out of memory");
-	    gss_release_buffer(&min_stat, &export_name);
-	    goto out;
-	}
-	memcpy(name, export_name.value, export_name.length);
-	name[export_name.length] = '\0';
-	gss_release_buffer(&min_stat, &export_name);
-	d->client_name = name;
+	d->client_name = client_name;
+	client_name = GSS_C_NO_NAME;
 	if(p)
 	    reply(235, "ADAT=%s", p);
 	else
@@ -272,19 +249,19 @@ gss_adat(void *app_data, void *buf, size_t len)
 	gss_release_buffer(&new_stat, &status_string);
 	reply(431, "Security resource unavailable");
     }
-  out:
+
     if (client_name)
 	gss_release_name(&min_stat, &client_name);
     free(p);
     return 0;
 }
 
-int gss_userok(void*, char*);
-int gss_session(void*, char*);
+int gssapi_userok(void*, char*);
+int gssapi_session(void*, char*);
 
 struct sec_server_mech gss_server_mech = {
     "GSSAPI",
-    sizeof(struct gss_data),
+    sizeof(struct gssapi_data),
     gss_init, /* init */
     NULL, /* end */
     gss_check_prot,
@@ -296,8 +273,8 @@ struct sec_server_mech gss_server_mech = {
     gss_adat,
     NULL, /* pbsz */
     NULL, /* ccc */
-    gss_userok,
-    gss_session
+    gssapi_userok,
+    gssapi_session
 };
 
 #else /* FTP_SERVER */
@@ -326,7 +303,7 @@ import_name(const char *kname, const char *host, gss_name_t *target_name)
 	OM_uint32 new_stat;
 	OM_uint32 msg_ctx = 0;
 	gss_buffer_desc status_string;
-	
+
 	gss_display_status(&new_stat,
 			   min_stat,
 			   GSS_C_MECH_CODE,
@@ -357,11 +334,11 @@ gss_auth(void *app_data, char *host)
     char *p;
     int n;
     gss_channel_bindings_t bindings;
-    struct gss_data *d = app_data;
+    struct gssapi_data *d = app_data;
     OM_uint32 mech_flags = GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG;
 
     const char *knames[] = { "ftp", "host", NULL }, **kname = knames;
-	
+
 
     if(import_name(*kname++, host, &target_name))
 	return AUTH_ERROR;
@@ -373,14 +350,14 @@ gss_auth(void *app_data, char *host)
 	bindings = malloc(sizeof(*bindings));
 	if (bindings == NULL)
 	    errx(1, "out of memory");
-	
+
 	sockaddr_to_gss_address (myctladdr,
 				 &bindings->initiator_addrtype,
 				 &bindings->initiator_address);
 	sockaddr_to_gss_address (hisctladdr,
 				 &bindings->acceptor_addrtype,
 				 &bindings->acceptor_address);
-	
+
 	bindings->application_data.length = 0;
 	bindings->application_data.value = NULL;
     } else
@@ -421,7 +398,7 @@ gss_auth(void *app_data, char *host)
 		}
 		continue;
 	    }
-	
+
 	    if (bindings != GSS_C_NO_CHANNEL_BINDINGS)
 		free(bindings);
 
@@ -514,7 +491,7 @@ gss_auth(void *app_data, char *host)
 	    gss_release_name(&min_stat, &targ_name);
 	} else
 	    printf("Failed to get gss name of peer.\n");
-    }	
+    }
 
 
     return AUTH_OK;
@@ -522,7 +499,7 @@ gss_auth(void *app_data, char *host)
 
 struct sec_client_mech gss_client_mech = {
     "GSSAPI",
-    sizeof(struct gss_data),
+    sizeof(struct gssapi_data),
     gss_init,
     gss_auth,
     NULL, /* end */

appl/ftp/ftp/main.c

@@ -142,7 +142,7 @@ main(int argc, char **argv)
 	}
 	if (argc > 0) {
 	    char *xargv[5];
-	
+
 	    if (setjmp(toplevel))
 		exit(0);
 	    signal(SIGINT, intr);
@@ -217,7 +217,7 @@ tail(filename)
 	char *filename;
 {
 	char *s;
-	
+
 	while (*filename) {
 		s = strrchr(filename, '/');
 		if (s == NULL)
@@ -555,10 +555,9 @@ help(int argc, char **argv)
 		for (i = 0; i < lines; i++) {
 			for (j = 0; j < columns; j++) {
 				c = cmdtab + j * lines + i;
-				if (c->c_name && (!proxy || c->c_proxy)) {
+				if ((!proxy || c->c_proxy)) {
 					printf("%s", c->c_name);
-				}
-				else if (c->c_name) {
+				} else {
 					for (k=0; k < strlen(c->c_name); k++) {
 						putchar(' ');
 					}

appl/ftp/ftp/security.c

@@ -81,7 +81,7 @@ name_to_level(const char *name)
     for(i = 0; i < sizeof(level_names) / sizeof(level_names[0]); i++)
 	if(!strncasecmp(level_names[i].name, name, strlen(name)))
 	    return level_names[i].level;
-    return (enum protection_level)-1;
+    return prot_invalid;
 }
 #endif
 
@@ -550,14 +550,20 @@ void mec(char *msg, enum protection_level level)
     }
     buf_size = strlen(msg) + 2;
     buf = malloc(buf_size);
+    if (buf == NULL) {
+	reply(501, "Failed to allocate %lu", (unsigned long)buf_size);
+	return;
+    }
     len = base64_decode(msg, buf);
     command_prot = level;
     if(len == (size_t)-1) {
+	free(buf);
 	reply(501, "Failed to base64-decode command");
 	return;
     }
     len = (*mech->decode)(app_data, buf, len, level);
     if(len == (size_t)-1) {
+	free(buf);
 	reply(535, "Failed to decode command");
 	return;
     }
@@ -677,7 +683,7 @@ set_command_prot(enum protection_level level)
 	ret = command("CCC");
 	if(ret != COMPLETE) {
 	    printf("Failed to clear command channel.\n");
-	    return -1;
+	    return prot_invalid;
 	}
     }
     command_prot = level;
@@ -812,7 +818,7 @@ sec_login(char *host)
 	    return -1;
 	}
 	app_data = tmp;
-	
+
 	if((*m)->init && (*(*m)->init)(app_data) != 0) {
 	    printf("Skipping %s...\n", (*m)->name);
 	    continue;
@@ -834,7 +840,7 @@ sec_login(char *host)
 	}
 
 	ret = (*(*m)->auth)(app_data, host);
-	
+
 	if(ret == AUTH_CONTINUE)
 	    continue;
 	else if(ret != AUTH_OK){

appl/ftp/ftp/security.h

@@ -37,10 +37,11 @@
 #define __security_h__
 
 enum protection_level {
-    prot_clear,
-    prot_safe,
-    prot_confidential,
-    prot_private
+    prot_invalid = -1,
+    prot_clear = 0,
+    prot_safe = 1,
+    prot_confidential = 2,
+    prot_private = 3
 };
 
 struct sec_client_mech {

appl/ftp/ftpd/Makefile.am

@@ -2,7 +2,7 @@
 
 include $(top_srcdir)/Makefile.am.common
 
-AM_CPPFLAGS += -I$(srcdir)/../common $(INCLUDE_krb4) -DFTP_SERVER
+AM_CPPFLAGS += -I$(srcdir)/../common -DFTP_SERVER
 
 libexec_PROGRAMS = ftpd
 
@@ -24,7 +24,6 @@ ftpd_SOURCES =		\
 	security.c	\
 	kauth.c		\
 	klist.c		\
-	$(krb4_sources) \
 	$(krb5_sources)
 
 EXTRA_ftpd_SOURCES = kauth.c gssapi.c gss_userok.c
@@ -47,8 +46,7 @@ LDADD = ../common/libcommon.a \
 	$(LIB_gssapi) \
 	$(LIB_krb5) \
 	$(LIB_kafs) \
-	$(LIB_krb4) \
 	$(LIB_hcrypto) \
 	$(LIB_roken)
 
-EXTRA_DIST = $(man_MANS)
+EXTRA_DIST = NTMakefile $(man_MANS)

appl/ftp/ftpd/NTMakefile

@@ -0,0 +1,35 @@
+########################################################################
+#
+# Copyright (c) 2009, Secure Endpoints Inc.
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 
+# - Redistributions of source code must retain the above copyright
+#   notice, this list of conditions and the following disclaimer.
+# 
+# - Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in
+#   the documentation and/or other materials provided with the
+#   distribution.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# 
+
+RELDIR=appl\ftp\ftpd 
+
+!include ../../../windows/NTMakefile.w32 
+

appl/ftp/ftpd/ftpcmd.y

@@ -155,13 +155,13 @@ cmd
 		{
 		    if ($5) {
 			if (paranoid &&
-			    (data_dest->sa_family != AF_INET ||
-			     (ntohs(data_dest->sin_port) < IPPORT_RESERVED) ||
-			     memcmp(data_dest->sin_addr,
-				    &his_addr->sin_addr,
-				    sizeof(data_dest.sin_addr)) != 0)) {
+			    (data_dest->sa_family != his_addr->sa_family ||
+			     (socket_get_port(data_dest) < IPPORT_RESERVED) ||
+			     memcmp(socket_get_address(data_dest),
+				    socket_get_address(his_addr),
+				    socket_addr_size(his_addr)) != 0)) {
 			    usedefault = 1;
-			    reply(500, "Illegal PORT range rejected.");			    
+			    reply(500, "Illegal PORT range rejected.");
 			} else {
 			    usedefault = 0;
 			    if (pdata >= 0) {
@@ -1013,7 +1013,7 @@ struct tab sitetab[] = {
 	{ "FIND", LOCATE, STR1, 1,	"<sp> globexpr" },
 
 	{ "URL",  URL,  ARGS, 1,	"?" },
-	
+
 	{ NULL,   0,    0,    0,	0 }
 };
 

appl/ftp/ftpd/ftpd.8

@@ -47,11 +47,11 @@
 .Op Fl p Ar port
 .Op Fl T Ar maxtimeout
 .Op Fl t Ar timeout
-.Op Fl -gss-bindings
-.Op Fl I | Fl -no-insecure-oob
+.Op Fl Fl gss-bindings
+.Op Fl I | Fl Fl no-insecure-oob
 .Op Fl u Ar default umask
-.Op Fl B | Fl -builtin-ls
-.Op Fl -good-chars= Ns Ar string
+.Op Fl B | Fl Fl builtin-ls
+.Op Fl Fl good-chars= Ns Ar string
 .Sh DESCRIPTION
 .Nm Ftpd
 is the
@@ -101,7 +101,7 @@ Debugging information is written to the syslog using LOG_FTP.
 .It Fl g
 Anonymous users will get a umask of
 .Ar umask .
-.It Fl -gss-bindings
+.It Fl Fl gss-bindings
 require the peer to use GSS-API bindings (ie make sure IP addresses match).
 .It Fl i
 Open a socket and wait for a connection. This is mainly used for
@@ -144,16 +144,16 @@ revert to the old behavior.
 Verbose mode.
 .It Xo
 .Fl B ,
-.Fl -builtin-ls
+.Fl Fl builtin-ls
 .Xc
 use built-in ls to list files
 .It Xo
-.Fl -good-chars= Ns Ar string
+.Fl Fl good-chars= Ns Ar string
 .Xc
 allowed anonymous upload filename chars
 .It Xo
 .Fl I
-.Fl -no-insecure-oob
+.Fl Fl no-insecure-oob
 .Xc
 don't allow insecure out of band.
 Heimdal ftp clients before 0.6.3 doesn't support secure oob, so turning

appl/ftp/ftpd/ftpd.c

@@ -191,7 +191,7 @@ parse_auth_level(char *str)
 	else
 	    warnx("bad value for -a: `%s'", p);
     }
-    return ret;	
+    return ret;
 }
 
 /*
@@ -277,7 +277,7 @@ main(int argc, char **argv)
 
     if(help_flag)
 	usage(0);
-	
+
     if(version_flag) {
 	print_version(NULL);
 	exit(0);
@@ -288,7 +288,7 @@ main(int argc, char **argv)
     {
 	char *p;
 	long val = 0;
-	
+
 	if(guest_umask_string) {
 	    val = strtol(guest_umask_string, &p, 8);
 	    if (*p != '\0' || val < 0)
@@ -319,7 +319,7 @@ main(int argc, char **argv)
 	    else
 		warnx("bad value for -p");
     }
-		
+
     if (maxtimeout < ftpd_timeout)
 	maxtimeout = ftpd_timeout;
 
@@ -329,7 +329,7 @@ main(int argc, char **argv)
 #endif
 
     if(interactive_flag)
-	mini_inetd (port);
+	mini_inetd(port, NULL);
 
     /*
      * LOG_NDELAY sets up the logging connection immediately,
@@ -346,14 +346,9 @@ main(int argc, char **argv)
 	syslog(LOG_ERR, "getsockname (%s): %m",argv[0]);
 	exit(1);
     }
-#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT)
-    {
-	int tos = IPTOS_LOWDELAY;
-
-	if (setsockopt(STDIN_FILENO, IPPROTO_IP, IP_TOS,
-		       (void *)&tos, sizeof(int)) < 0)
-	    syslog(LOG_WARNING, "setsockopt (IP_TOS): %m");
-    }
+#if defined(IP_TOS)
+    if (ctrl_addr->sa_family == AF_INET)
+	socket_set_tos(STDIN_FILENO, IP_TOS);
 #endif
     data_source->sa_family = ctrl_addr->sa_family;
     socket_set_port (data_source,
@@ -401,7 +396,7 @@ main(int argc, char **argv)
     show_file(_PATH_FTPWELCOME, 220);
     /* reply(220,) must follow */
     gethostname(hostname, sizeof(hostname));
-	
+
     reply(220, "%s FTP server (%s"
 #ifdef KRB5
 	  "+%s"
@@ -947,7 +942,7 @@ pass(char *passwd)
 	}
 	if(!do_login(230, passwd))
 	  return;
-	
+
 	/* Forget all about it... */
 	end_login();
 }
@@ -983,7 +978,7 @@ retrieve(const char *cmd, char *name)
 		    for(p = cmds; p->ext; p++){
 			char *tail = name + strlen(name) - strlen(p->ext);
 			char c = *tail;
-			
+
 			if(strcmp(tail, p->ext) == 0 &&
 			   (*tail  = 0) == 0 &&
 			   access(name, R_OK) == 0){
@@ -1007,7 +1002,7 @@ retrieve(const char *cmd, char *name)
 			        free(ext);
 			    }
 			}
-			
+
 		    }
 		    if(p->ext){
 			fin = ftpd_popen(line, "r", 0, 0);
@@ -1111,10 +1106,14 @@ do_store(char *name, char *mode, int unique)
 
 	if(guest && filename_check(name))
 	    return;
-	if (unique && stat(name, &st) == 0 &&
-	    (name = gunique(name)) == NULL) {
-		LOGCMD(*mode == 'w' ? "put" : "append", name);
-		return;
+	if (unique) {
+	    char *uname;
+	    if (stat(name, &st) == 0) {
+		if ((uname = gunique(name)) == NULL)
+		    return;
+		name = uname;
+	    }
+	    LOGCMD(*mode == 'w' ? "put" : "append", name);
 	}
 
 	if (restart_point)
@@ -1272,13 +1271,9 @@ dataconn(const char *name, off_t size, const char *mode)
 		}
 		close(pdata);
 		pdata = s;
-#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT)
-		{
-		    int tos = IPTOS_THROUGHPUT;
-		
-		    setsockopt(s, IPPROTO_IP, IP_TOS, (void *)&tos,
-			       sizeof(tos));
-		}
+#if defined(IPTOS_THROUGHPUT)
+		if (from->sa_family == AF_INET)
+		    socket_set_tos(s, IPTOS_THROUGHPUT);
 #endif
 		reply(150, "Opening %s mode data connection for '%s'%s.",
 		     type == TYPE_A ? "ASCII" : "BINARY", name, sizebuf);
@@ -1369,7 +1364,7 @@ send_data(FILE *instr, FILE *outstr)
 		goto data_err;
 	    reply(226, "Transfer complete.");
 	    return;
-		
+
 	case TYPE_I:
 	case TYPE_L:
 #if 0 /* XXX handle urg flag */
@@ -1553,13 +1548,13 @@ receive_data(FILE *instr, FILE *outstr)
 	urgflag = 0;
 	return (-1);
     }
-	
+
 data_err:
     transflag = 0;
     urgflag = 0;
     perror_reply(426, "Data Connection");
     return (-1);
-	
+
 file_err:
     transflag = 0;
     urgflag = 0;
@@ -1883,7 +1878,7 @@ dologout(int status)
     exit(status);
 #else
     _exit(status);
-#endif	
+#endif
 }
 
 void abor(void)
@@ -2093,7 +2088,7 @@ eprt(char *str)
 	case 2 :
 	    data_dest->sa_family = AF_INET6;
 	    break;
-#endif		
+#endif
 	case 1 :
 	    data_dest->sa_family = AF_INET;
 		break;
@@ -2334,7 +2329,7 @@ out:
     transflag = 0;
     if (dout != NULL){
 	sec_write(fileno(dout), buf, 0); /* XXX flush */
-	
+
 	fclose(dout);
     }
     data = -1;

appl/ftp/ftpd/gss_userok.c

@@ -33,122 +33,43 @@
 
 #include "ftpd_locl.h"
 #include <gssapi/gssapi.h>
-#include <gssapi/gssapi_krb5.h>
-#include <krb5.h>
-
-/* XXX a bit too much of krb5 dependency here...
-   What is the correct way to do this?
-   */
-
-struct gss_krb5_data {
-    krb5_context context;
-};
 
 /* XXX sync with gssapi.c */
-struct gss_data {
+struct gssapi_data {
     gss_ctx_id_t context_hdl;
-    char *client_name;
+    gss_name_t client_name;
     gss_cred_id_t delegated_cred_handle;
     void *mech_data;
 };
 
-int gss_userok(void*, char*); /* to keep gcc happy */
-int gss_session(void*, char*); /* to keep gcc happy */
+int gssapi_userok(void*, char*); /* to keep gcc happy */
+int gssapi_session(void*, char*); /* to keep gcc happy */
 
 int
-gss_userok(void *app_data, char *username)
+gssapi_userok(void *app_data, char *username)
 {
-    struct gss_data *data = app_data;
-    krb5_error_code ret;
-    krb5_principal client;
-    struct gss_krb5_data *kdata;
+    struct gssapi_data *data = app_data;
 
-    kdata = calloc(1, sizeof(struct gss_krb5_data));
-    if (kdata == NULL)
-	return 1;
-    data->mech_data = kdata;
-
-    ret = krb5_init_context(&(kdata->context));
-    if (ret) {
-	free(kdata);
-	return 1;
-    }
-
-    ret = krb5_parse_name(kdata->context, data->client_name, &client);
-    if(ret) {
-	krb5_free_context(kdata->context);
-	free(kdata);
-	return 1;
-    }
-    ret = krb5_kuserok(kdata->context, client, username);
-    if (!ret) {
-	krb5_free_principal(kdata->context, client);
-	krb5_free_context(kdata->context);
-	free(kdata);
-	return 1;
-    }
-
-    ret = 0;
-    krb5_free_principal(kdata->context, client);
-    return ret;
+    /* Yes, this logic really is inverted. */
+    return !gss_userok(data->client_name, username);
 }
 
 int
-gss_session(void *app_data, char *username)
+gssapi_session(void *app_data, char *username)
 {
-    struct gss_data *data = app_data;
-    krb5_error_code ret;
-    OM_uint32 minor_status;
-    struct gss_krb5_data *kdata;
+    struct gssapi_data *data = app_data;
+    OM_uint32 major, minor;
+    int ret = 0;
 
-    ret = 0;
-
-    kdata = (struct gss_krb5_data *)(data->mech_data);
-
-    /* more of krb-depend stuff :-( */
-    /* gss_add_cred() ? */
     if (data->delegated_cred_handle != GSS_C_NO_CREDENTIAL) {
-	krb5_ccache ccache = NULL;
-	const char* ticketfile;
-	struct passwd *kpw;
-
-	ret = krb5_cc_new_unique(kdata->context, NULL, NULL, &ccache);
-	if (ret)
-	    goto fail;
-	
-	ticketfile = krb5_cc_get_name(kdata->context, ccache);
-
-	ret = gss_krb5_copy_ccache(&minor_status,
-				   data->delegated_cred_handle,
-				   ccache);
-	if (ret) {
-	    ret = 0;
-	    goto fail;
-	}
-
-	do_destroy_tickets = 1;
-
-	kpw = getpwnam(username);
-
-	if (kpw == NULL) {
-	    unlink(ticketfile);
-	    ret = 1;
-	    goto fail;
-	}
-
-	chown (ticketfile, kpw->pw_uid, kpw->pw_gid);
-
-	if (asprintf(&k5ccname, "FILE:%s", ticketfile) != -1) {
-	    esetenv ("KRB5CCNAME", k5ccname, 1);
-	}
+        major = gss_store_cred(&minor, data->delegated_cred_handle,
+                               GSS_C_INITIATE, GSS_C_NO_OID,
+                               1, 1, NULL, NULL);
+        if (GSS_ERROR(major))
+            ret = 1;
 	afslog(NULL, 1);
-    fail:
-	if (ccache)
-	    krb5_cc_close(kdata->context, ccache);
     }
 
-    gss_release_cred(&minor_status, &data->delegated_cred_handle);
-    krb5_free_context(kdata->context);
-    free(kdata);
+    gss_release_cred(&minor, &data->delegated_cred_handle);
     return ret;
 }

appl/ftp/ftpd/klist.c

@@ -101,7 +101,7 @@ print_tickets (krb5_context context,
 				     &cursor,
 				     &cred)) == 0) {
 	if (print_cred(context, &cred))
-	    return 500;		
+	    return 500;
 	krb5_free_cred_contents (context, &cred);
     }
     if (ret != KRB5_CC_END) {
@@ -137,7 +137,7 @@ klist5(void)
     else
 	ret = krb5_cc_default (context, &ccache);
     if (ret) {
-	lreply(500, "krb5_cc_default: %d", ret);	
+	lreply(500, "krb5_cc_default: %d", ret);
 	return 500;
     }
 
@@ -155,7 +155,7 @@ klist5(void)
 
     ret = krb5_cc_close (context, ccache);
     if (ret) {
-	lreply(500, "krb5_cc_close: %d", ret);	
+	lreply(500, "krb5_cc_close: %d", ret);
 	exit_status = 500;
     }
 

appl/ftp/ftpd/logwtmp.c

@@ -64,6 +64,7 @@ RCSID("$Id$");
 #include <roken.h>
 #include "extern.h"
 
+#ifndef HAVE_UTMPX_H
 #ifndef WTMP_FILE
 #ifdef _PATH_WTMP
 #define WTMP_FILE _PATH_WTMP
@@ -71,6 +72,7 @@ RCSID("$Id$");
 #define WTMP_FILE "/var/adm/wtmp"
 #endif
 #endif
+#endif
 
 #ifdef HAVE_ASL_H
 
@@ -109,11 +111,17 @@ ftpd_logwtmp_wtmp(char *line, char *name, char *host)
 #ifdef WTMPX_FILE
     static int fdx;
 #endif
+#ifdef HAVE_UTMP_H
     struct utmp ut;
-#ifdef WTMPX_FILE
+#endif
+#if defined(WTMPX_FILE) || defined(HAVE_UTMPX_H)
     struct utmpx utx;
 #endif
 
+#ifdef HAVE_UTMPX_H
+    memset(&utx, 0, sizeof(struct utmpx));
+#endif
+#ifdef HAVE_UTMP_H
     memset(&ut, 0, sizeof(struct utmp));
 #ifdef HAVE_STRUCT_UTMP_UT_TYPE
     if(name[0])
@@ -130,8 +138,9 @@ ftpd_logwtmp_wtmp(char *line, char *name, char *host)
     strncpy(ut.ut_host, host, sizeof(ut.ut_host));
 #endif
     ut.ut_time = time(NULL);
+#endif
 
-#ifdef WTMPX_FILE
+#if defined(WTMPX_FILE) || defined(HAVE_UTMPX_H)
     strncpy(utx.ut_line, line, sizeof(utx.ut_line));
     strncpy(utx.ut_user, name, sizeof(utx.ut_user));
     strncpy(utx.ut_host, host, sizeof(utx.ut_host));
@@ -154,18 +163,26 @@ ftpd_logwtmp_wtmp(char *line, char *name, char *host)
 	utx.ut_type = DEAD_PROCESS;
 #endif
 
+#ifdef HAVE_UTMPX_H
+    pututxline(&utx);
+#endif
+
     if(!init){
+#ifdef WTMP_FILE
 	fd = open(WTMP_FILE, O_WRONLY|O_APPEND, 0);
+#endif
 #ifdef WTMPX_FILE
 	fdx = open(WTMPX_FILE, O_WRONLY|O_APPEND, 0);
 #endif
 	init = 1;
     }
     if(fd >= 0) {
+#ifdef WTMP_FILE
 	write(fd, &ut, sizeof(struct utmp)); /* XXX */
+#endif
 #ifdef WTMPX_FILE
 	write(fdx, &utx, sizeof(struct utmpx));
-#endif	
+#endif
     }
 }
 

appl/ftp/ftpd/ls.c

@@ -425,19 +425,19 @@ lstat_file (const char *file, struct stat *sb)
 	static ino_t	   ino_counter = 0, ino_last = 0;
 	int		   ret;
 	const int	   maxsize = 2048;
-	
+
 	path_bkp = strdup (file);
 	if (path_bkp == NULL)
 	    return -1;
-	
+
 	a_params.out = malloc (maxsize);
 	if (a_params.out == NULL) {
 	    free (path_bkp);
 	    return -1;
 	}
-	
+
 	/* If path contains more than the filename alone - split it */
-	
+
 	last = strrchr (path_bkp, '/');
 	if (last != NULL) {
 	    if(last[1] == '\0')
@@ -457,10 +457,10 @@ lstat_file (const char *file, struct stat *sb)
 	    dir = ".";
 	    a_params.in = path_bkp;
 	}
-	
+
 	a_params.in_size  = strlen (a_params.in) + 1;
 	a_params.out_size = maxsize;
-	
+
 	ret = k_pioctl (dir, VIOC_AFS_STAT_MT_PT, &a_params, 0);
 	free (a_params.out);
 	if (ret < 0) {
@@ -602,7 +602,7 @@ list_files(FILE *out, const char **files, int n_files, int flags)
 	max_inode = find_log10(max_inode);
 	max_bsize = find_log10(max_bsize);
 	max_n_link = find_log10(max_n_link);
-	
+
 	if(n_print > 0)
 	    sec_fprintf2(out, "total %lu\r\n", (unsigned long)total_blocks);
 	if(flags & LS_SORT_REVERSE)

appl/ftp/ftpd/popen.c

@@ -196,8 +196,8 @@ ftpd_popen(char *program, char *type, int do_stderr, int no_glob)
 		close(pdes[0]);
 	}
 	pids[fileno(iop)] = pid;
-	
-pfree:	
+
+pfree:
 	for (argc = 1; gargv[argc] != NULL; argc++)
 	    free(gargv[argc]);
 

appl/gssmask/Makefile.am

@@ -8,5 +8,6 @@ gssmask_SOURCES = gssmask.c common.c common.h protocol.h
 
 gssmaestro_SOURCES = gssmaestro.c common.c common.h protocol.h
 
-LDADD = $(top_builddir)/lib/gssapi/libgssapi.la $(LIB_roken)
+LDADD = $(top_builddir)/lib/gssapi/libgssapi.la $(LIB_roken) $(top_builddir)/lib/krb5/libkrb5.la
 
+EXTRA_DIST = NTMakefile

appl/gssmask/NTMakefile

@@ -0,0 +1,35 @@
+########################################################################
+#
+# Copyright (c) 2009, Secure Endpoints Inc.
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 
+# - Redistributions of source code must retain the above copyright
+#   notice, this list of conditions and the following disclaimer.
+# 
+# - Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in
+#   the documentation and/or other materials provided with the
+#   distribution.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# 
+
+RELDIR=appl\gssmask 
+
+!include ../../windows/NTMakefile.w32 
+

appl/gssmask/gssmaestro.c

@@ -327,7 +327,7 @@ build_context(struct client *ipeer, struct client *apeer,
     krb5_data_zero(&itoken);
 
     while (!iDone || !aDone) {
-	
+
 	if (iDone) {
 	    warnx("iPeer already done, aPeer want extra rtt");
 	    val = GSMERR_ERROR;
@@ -405,7 +405,7 @@ build_context(struct client *ipeer, struct client *apeer,
 out:
     return val;
 }
-			
+
 static void
 test_mic(struct client *c1, int32_t hc1, struct client *c2, int32_t hc2)
 {
@@ -540,17 +540,17 @@ test_token(struct client *c1, int32_t hc1, struct client *c2, int32_t hc2, int w
 	    if (val) return val;
 	    val = test_wrap_ext(c2, hc2, c1, hc1, 1, 0);
 	    if (val) return val;
-	    
+
 	    val = test_wrap_ext(c1, hc1, c2, hc2, 1, 1);
 	    if (val) return val;
 	    val = test_wrap_ext(c2, hc2, c1, hc1, 1, 1);
 	    if (val) return val;
-	    
+
 	    val = test_wrap_ext(c1, hc1, c2, hc2, 0, 0);
 	    if (val) return val;
 	    val = test_wrap_ext(c2, hc2, c1, hc1, 0, 0);
 	    if (val) return val;
-	    
+
 	    val = test_wrap_ext(c1, hc1, c2, hc2, 0, 1);
 	    if (val) return val;
 	    val = test_wrap_ext(c2, hc2, c1, hc1, 0, 1);
@@ -780,7 +780,7 @@ main(int argc, char **argv)
     if (password == NULL)
 	errx(1, "password missing from %s", user);
     *password++ = 0;
-	
+
     if (slaves.num_strings == 0)
 	errx(1, "no principals");
 
@@ -834,7 +834,7 @@ main(int argc, char **argv)
 	int32_t hCred, val, delegCred;
 	int32_t clientC, serverC;
 	struct client *c = clients[i];
-	
+
 	if (c->target_name == NULL)
 	    continue;
 
@@ -893,18 +893,18 @@ main(int argc, char **argv)
 	int32_t hCred, val, delegCred = 0;
 	int32_t clientC = 0, serverC = 0;
 	struct client *client, *server;
-	
+
 	p = list[i];
-	
+
 	client = get_client(p[0]);
-	
+
 	val = acquire_cred(client, user, password, 1, &hCred);
 	if (val != GSMERR_OK)
 	    errx(1, "failed to acquire_cred: %d", (int)val);
 
 	for (j = 1; j < num_clients + 1; j++) {
 	    server = get_client(p[j % num_clients]);
-	
+
 	    if (server->target_name == NULL)
 		break;
 
@@ -921,11 +921,11 @@ main(int argc, char **argv)
 		warnx("build_context failed: %d", (int)val);
 		break;
 	    }
-	
+
 	    val = test_token(client, clientC, server, serverC, wrap_ext);
 	    if (val)
 		break;
-	
+
 	    toast_resource(client, clientC);
 	    toast_resource(server, serverC);
 	    if (!delegCred) {

appl/gssmask/gssmask.c

@@ -229,7 +229,7 @@ acquire_cred(struct client *c,
 		   "krb5_get_init_creds failed: %d", ret);
 	return convert_krb5_to_gsm(ret);
     }
-	
+
     ret = krb5_cc_new_unique(context, "MEMORY", NULL, &id);
     if (ret)
 	krb5_err (context, 1, ret, "krb5_cc_initialize");
@@ -358,7 +358,7 @@ HandleOP(InitContext)
 	if (ctx)
 	    krb5_errx(context, 1, "initcreds, context not NULL, but first req");
     }
-	
+
     if ((flags & GSS_C_DELEG_FLAG) != 0)
 	logmessage(c, __FILE__, __LINE__, 0, "init_sec_context delegating");
     if ((flags & GSS_C_DCE_STYLE) != 0)
@@ -427,7 +427,6 @@ HandleOP(AcceptContext)
     gss_ctx_id_t ctx;
     gss_cred_id_t deleg_cred = GSS_C_NO_CREDENTIAL;
     gss_buffer_desc input_token, output_token;
-    gss_buffer_t input_token_ptr = GSS_C_NO_BUFFER;
 
     ret32(c, hContext);
     ret32(c, flags);
@@ -440,7 +439,6 @@ HandleOP(AcceptContext)
     if (in_token.length) {
 	input_token.length = in_token.length;
 	input_token.value = in_token.data;
-	input_token_ptr = &input_token;
     } else {
 	input_token.length = 0;
 	input_token.value = NULL;
@@ -484,7 +482,7 @@ HandleOP(AcceptContext)
 	gss_release_cred(&min_stat, &deleg_cred);
 	deleg_hcred = 0;
     }
-	
+
 
     gsm_error = convert_gss_to_gsm(maj_stat);
 
@@ -799,7 +797,7 @@ HandleOP(Unwrap)
 
     if (maj_stat != GSS_S_COMPLETE)
 	errx(1, "gss_unwrap failed: %d/%d", maj_stat, min_stat);
-	
+
     krb5_data_free(&token);
     if (maj_stat == GSS_S_COMPLETE) {
 	token.data = output_token.value;
@@ -848,22 +846,12 @@ HandleOP(CallExtension)
     errx(1, "CallExtension");
 }
 
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_pk_enterprise_cert (
-	krb5_context /*context*/,
-	const char */*user_id*/,
-	krb5_const_realm /*realm*/,
-	krb5_principal */*principal*/);
-
-
 static int
 HandleOP(AcquirePKInitCreds)
 {
-    krb5_error_code ret;
     int32_t flags;
     krb5_data pfxdata;
     char fn[] = "FILE:/tmp/pkcs12-creds-XXXXXXX";
-    const char *default_realm = "H5L.ORG";
     krb5_principal principal = NULL;
     int fd;
 
@@ -878,13 +866,6 @@ HandleOP(AcquirePKInitCreds)
     krb5_data_free(&pfxdata);
     close(fd);
 
-    /* get credentials */
-
-    ret = _krb5_pk_enterprise_cert(context, fn, default_realm, &principal);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_pk_enterprise_certs");
-
-
     if (principal)
 	krb5_free_principal(context, principal);
 
@@ -1030,7 +1011,7 @@ HandleOP(UnwrapExt)
 
     if (maj_stat != GSS_S_COMPLETE)
 	errx(1, "gss_unwrap failed: %d/%d", maj_stat, min_stat);
-	
+
     if (maj_stat == GSS_S_COMPLETE) {
 	token.data = iov[1].buffer.value;
 	token.length = iov[1].buffer.length;
@@ -1117,7 +1098,7 @@ create_client(int fd, int port, const char *moniker)
     {
 	c->salen = sizeof(c->sa);
 	getpeername(fd, (struct sockaddr *)&c->sa, &c->salen);
-	
+
 	getnameinfo((struct sockaddr *)&c->sa, c->salen,
 		    c->servername, sizeof(c->servername),
 		    NULL, 0, NI_NUMERICHOST);
@@ -1252,7 +1233,7 @@ main(int argc, char **argv)
 	    err(1, "error opening %s", lf);
     }
 
-    mini_inetd(htons(port));
+    mini_inetd(htons(port), NULL);
     fprintf(logfile, "connected\n");
 
     {

appl/kf/Makefile.am

@@ -17,4 +17,4 @@ LDADD = $(top_builddir)/lib/krb5/libkrb5.la \
 	$(top_builddir)/lib/asn1/libasn1.la \
 	$(LIB_roken)
 
-EXTRA_DIST = $(man_MANS)
+EXTRA_DIST = NTMakefile $(man_MANS)

appl/kf/NTMakefile

@@ -0,0 +1,35 @@
+########################################################################
+#
+# Copyright (c) 2009, Secure Endpoints Inc.
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 
+# - Redistributions of source code must retain the above copyright
+#   notice, this list of conditions and the following disclaimer.
+# 
+# - Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in
+#   the documentation and/or other materials provided with the
+#   distribution.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# 
+
+RELDIR=appl\kf 
+
+!include ../../windows/NTMakefile.w32 
+

appl/kf/kf.1

@@ -1,34 +1,34 @@
 .\" Copyright (c) 2000 - 2001 Kungliga Tekniska Högskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
 .\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
 .\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
 .\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
 .\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
 .\" $Id$
 .\"
 .Dd July  2, 2000
@@ -41,20 +41,20 @@
 .Nm
 .Oo
 .Fl p Ar port |
-.Fl -port Ns = Ns Ar port
+.Fl Fl port Ns = Ns Ar port
 .Oc
 .Oo
 .Fl l Ar login |
-.Fl -login Ns = Ns Ar login
+.Fl Fl login Ns = Ns Ar login
 .Oc
 .Oo
 .Fl c Ar ccache |
-.Fl -ccache Ns = Ns Ar ccache
+.Fl Fl ccache Ns = Ns Ar ccache
 .Oc
 .Op Fl F | -forwardable
 .Op Fl G | -no-forwardable
 .Op Fl h | -help
-.Op Fl -version
+.Op Fl Fl version
 .Ar host ...
 .Sh DESCRIPTION
 The
@@ -65,17 +65,17 @@ Options supported are:
 .Bl -tag -width indent
 .It Xo
 .Fl p Ar port ,
-.Fl -port Ns = Ns Ar port
+.Fl Fl port Ns = Ns Ar port
 .Xc
 port to connect to
 .It Xo
 .Fl l Ar login ,
-.Fl -login Ns = Ns Ar login
+.Fl Fl login Ns = Ns Ar login
 .Xc
 remote login name
 .It Xo
 .Fl c Ar ccache ,
-.Fl -ccache Ns = Ns Ar ccache
+.Fl Fl ccache Ns = Ns Ar ccache
 .Xc
 remote cred cache
 .It Fl F , -forwardable
@@ -83,7 +83,7 @@ forward forwardable credentials
 .It Fl G , -no-forwardable
 do not forward forwardable credentials
 .It Fl h , -help
-.It Fl -version
+.It Fl Fl version
 .El
 .Pp
 .Nm
@@ -94,7 +94,7 @@ In order for
 .Nm
 to work you will need to acquire your initial ticket with forwardable
 flag, i.e.
-.Nm kinit Fl -forwardable .
+.Nm kinit Fl Fl forwardable .
 .Pp
 .Nm telnet
 is able to forward tickets by itself.

appl/kf/kf.c

@@ -146,6 +146,7 @@ proto (int sock, const char *hostname, const char *service,
 					     auth_context,
 					     &sock);
     if (status) {
+	krb5_auth_con_free(context, auth_context);
 	krb5_warn (context, status, "krb5_auth_con_setaddr");
 	return 1;
     }
@@ -156,6 +157,7 @@ proto (int sock, const char *hostname, const char *service,
 				      KRB5_NT_SRV_HST,
 				      &server);
     if (status) {
+	krb5_auth_con_free(context, auth_context);
 	krb5_warn (context, status, "krb5_sname_to_principal");
 	return 1;
     }
@@ -174,6 +176,7 @@ proto (int sock, const char *hostname, const char *service,
 			    NULL,
 			    NULL);
     if (status) {
+	krb5_auth_con_free(context, auth_context);
 	krb5_warn(context, status, "krb5_sendauth");
 	return 1;
     }
@@ -185,6 +188,7 @@ proto (int sock, const char *hostname, const char *service,
     data_send.length = strlen(remote_name) + 1;
     status = krb5_write_priv_message(context, auth_context, &sock, &data_send);
     if (status) {
+	krb5_auth_con_free(context, auth_context);
 	krb5_warn (context, status, "krb5_write_message");
 	return 1;
     }
@@ -192,6 +196,7 @@ proto (int sock, const char *hostname, const char *service,
     data_send.length = strlen(ccache_name)+1;
     status = krb5_write_priv_message(context, auth_context, &sock, &data_send);
     if (status) {
+	krb5_auth_con_free(context, auth_context);
 	krb5_warn (context, status, "krb5_write_message");
 	return 1;
     }
@@ -200,12 +205,14 @@ proto (int sock, const char *hostname, const char *service,
 
     status = krb5_cc_default (context, &ccache);
     if (status) {
+	krb5_auth_con_free(context, auth_context);
 	krb5_warn (context, status, "krb5_cc_default");
 	return 1;
     }
 
     status = krb5_cc_get_principal (context, ccache, &principal);
     if (status) {
+	krb5_auth_con_free(context, auth_context);
 	krb5_warn (context, status, "krb5_cc_get_principal");
 	return 1;
     }
@@ -220,6 +227,7 @@ proto (int sock, const char *hostname, const char *service,
 				  NULL);
 
     if (status) {
+	krb5_auth_con_free(context, auth_context);
 	krb5_warn (context, status, "krb5_make_principal");
 	return 1;
     }
@@ -238,6 +246,7 @@ proto (int sock, const char *hostname, const char *service,
 				       &creds,
 				       &data);
     if (status) {
+	krb5_auth_con_free(context, auth_context);
 	krb5_warn (context, status, "krb5_get_forwarded_creds");
 	return 1;
     }
@@ -245,6 +254,7 @@ proto (int sock, const char *hostname, const char *service,
     status = krb5_write_priv_message(context, auth_context, &sock, &data);
 
     if (status) {
+	krb5_auth_con_free(context, auth_context);
 	krb5_warn (context, status, "krb5_mk_priv");
 	return 1;
     }
@@ -252,6 +262,7 @@ proto (int sock, const char *hostname, const char *service,
     krb5_data_free (&data);
 
     status = krb5_read_priv_message(context, auth_context, &sock, &data);
+    krb5_auth_con_free(context, auth_context);
     if (status) {
 	krb5_warn (context, status, "krb5_mk_priv");
 	return 1;

appl/kf/kfd.8

@@ -1,34 +1,34 @@
 .\" Copyright (c) 2000 - 2002 Kungliga Tekniska Högskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
 .\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
 .\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
 .\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
 .\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
 .\" $Id$
 .\"
 .Dd July  2, 2000
@@ -41,15 +41,15 @@
 .Nm
 .Oo
 .Fl p Ar port |
-.Fl -port Ns = Ns Ar port
+.Fl Fl port Ns = Ns Ar port
 .Oc
 .Op Fl i | -inetd
 .Oo
 .Fl R Ar regpag |
-.Fl -regpag Ns = Ns Ar regpag
+.Fl Fl regpag Ns = Ns Ar regpag
 .Oc
 .Op Fl h | -help
-.Op Fl -version
+.Op Fl Fl version
 .Sh DESCRIPTION
 This is the daemon for
 .Xr kf 1 .
@@ -57,14 +57,14 @@ Supported options:
 .Bl -tag -width indent
 .It Xo
 .Fl p Ar port ,
-.Fl -port Ns = Ns Ar port
+.Fl Fl port Ns = Ns Ar port
 .Xc
 port to listen to
 .It Fl i , -inetd
 not started from inetd
 .It Xo
 .Fl R Ar regpag ,
-.Fl -regpag= Ns Ar regpag
+.Fl Fl regpag= Ns Ar regpag
 .Xc
 path to regpag binary
 .El

appl/kf/kfd.c

@@ -274,14 +274,17 @@ proto (int sock, const char *service)
 
     data.data = ret_string;
     data.length = strlen(ret_string) + 1;
-    return krb5_write_priv_message(context, auth_context, &sock, &data);
+    status = krb5_write_priv_message(context, auth_context, &sock, &data);
+    krb5_auth_con_free(context, auth_context);
+
+    return status;
 }
 
 static int
 doit (int port, const char *service)
 {
     if (do_inetd)
-	mini_inetd(port);
+	mini_inetd(port, NULL);
     return proto (STDIN_FILENO, service);
 }
 

appl/kx/Makefile.am

@@ -46,7 +46,7 @@ kxd_SOURCES = \
 
 EXTRA_kxd_SOURCES = writeauth.c
 
-EXTRA_DIST = rxterm.in rxtelnet.in tenletxr.in $(man_MANS)
+EXTRA_DIST = NTMakefile rxterm.in rxtelnet.in tenletxr.in $(man_MANS)
 
 man_MANS = kx.1 rxtelnet.1 rxterm.1 tenletxr.1 kxd.8
 

appl/kx/NTMakefile

@@ -0,0 +1,35 @@
+########################################################################
+#
+# Copyright (c) 2009, Secure Endpoints Inc.
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 
+# - Redistributions of source code must retain the above copyright
+#   notice, this list of conditions and the following disclaimer.
+# 
+# - Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in
+#   the documentation and/or other materials provided with the
+#   distribution.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# 
+
+RELDIR=appl\kx 
+
+!include ../../windows/NTMakefile.w32 
+

appl/kx/common.c

@@ -270,7 +270,7 @@ get_xsockets (int *number, struct x_socket **sockets, int tcp_socket)
 	     tmp = try_socket (&s[n], dpy, *path);
 	     if (tmp == -1) {
 		 if (errno != ENOTDIR && errno != ENOENT)
-		     return -1;
+		     err(1, "failed to open '%s'", *path);
 	     } else if (tmp == 1) {
 		 while(--n >= 0) {
 		     close (s[n].fd);
@@ -288,7 +288,7 @@ get_xsockets (int *number, struct x_socket **sockets, int tcp_socket)
 	     tmp = try_pipe (&s[n], dpy, *path);
 	     if (tmp == -1) {
 		 if (errno != ENOTDIR && errno != ENOENT && errno != ENOSYS)
-		     return -1;
+		     err(1, "failed to open '%s'", *path);
 	     } else if (tmp == 1) {
 		 while (--n >= 0) {
 		     close (s[n].fd);
@@ -306,7 +306,7 @@ get_xsockets (int *number, struct x_socket **sockets, int tcp_socket)
 	 if (tcp_socket) {
 	     tmp = try_tcp (&s[n], dpy);
 	     if (tmp == -1)
-		 return -1;
+		 err(1, "failed to open tcp stocket");
 	     else if (tmp == 1) {
 		 while (--n >= 0) {
 		     close (s[n].fd);
@@ -693,7 +693,7 @@ replace_cookie(int xserver, int fd, char *filename, int cookiesp) /* XXX */
      if (f != NULL) {
 	 Xauth *auth = find_auth_cookie (f);
 	 u_char len[6] = {0, 0, 0, 0, 0, 0};
-	
+
 	 fclose (f);
 
 	 if (auth != NULL) {

appl/kx/krb5.c

@@ -51,6 +51,33 @@ typedef struct krb5_kx_context krb5_kx_context;
 #define K5DATA(kc) ((krb5_kx_context*)kc->data)
 #define CONTEXT(kc) (K5DATA(kc)->context)
 
+/*
+ *
+ */
+
+static void
+ksyslog(krb5_context context, krb5_error_code ret, const char *fmt, ...)
+	__attribute__((__format__(__printf__, 3, 0)));
+
+static void
+ksyslog(krb5_context context, krb5_error_code ret, const char *fmt, ...)
+{
+    const char *msg;
+    char *str = NULL;
+    va_list va;
+
+    msg = krb5_get_error_message(context, ret);
+
+    va_start(va, fmt);
+    vasprintf(&str, fmt, va);
+    va_end(va);
+
+    syslog(LOG_ERR, "%s: %s", str, msg);
+
+    krb5_free_error_message(context, msg);
+    free(str);
+}
+
 /*
  * Destroy the krb5 context in `c'.
  */
@@ -229,7 +256,7 @@ copy_out (kx_context *kc, int from_fd, int to_fd)
     }
     return krb5_write (kc, to_fd, buf, len);
 }
-	
+
 /*
  * Copy from the socket `from_fd' decrypting to `to_fd'.
  * Return 0, -1 or len.
@@ -378,8 +405,7 @@ recv_v5_auth (kx_context *kc, int sock, u_char *buf)
     ret = krb5_sock_to_principal (CONTEXT(kc), sock, "host",
 				  KRB5_NT_SRV_HST, &server);
     if (ret) {
-	syslog (LOG_ERR, "krb5_sock_to_principal: %s",
-		krb5_get_err_text (CONTEXT(kc), ret));
+	ksyslog (CONTEXT(kc), ret, "krb5_sock_to_principal");
 	exit (1);
     }
 
@@ -393,22 +419,19 @@ recv_v5_auth (kx_context *kc, int sock, u_char *buf)
 			 &ticket);
     krb5_free_principal (CONTEXT(kc), server);
     if (ret) {
-	syslog (LOG_ERR, "krb5_sock_to_principal: %s",
-		krb5_get_err_text (CONTEXT(kc), ret));
+	ksyslog (CONTEXT(kc), ret, "krb5_recvauth");
 	exit (1);
     }
 
     ret = krb5_auth_con_getkey (CONTEXT(kc), auth_context, &K5DATA(kc)->keyblock);
     if (ret) {
-	syslog (LOG_ERR, "krb5_auth_con_getkey: %s",
-		krb5_get_err_text (CONTEXT(kc), ret));
+	ksyslog (CONTEXT(kc), ret, "krb5_auth_con_getkey");
 	exit (1);
     }
 
     ret = krb5_crypto_init (CONTEXT(kc), K5DATA(kc)->keyblock, 0, &K5DATA(kc)->crypto);
     if (ret) {
-	syslog (LOG_ERR, "krb5_crypto_init: %s",
-		krb5_get_err_text (CONTEXT(kc), ret));
+	ksyslog (CONTEXT(kc), ret, "krb5_crypto_init");
 	exit (1);
     }
 
@@ -416,6 +439,8 @@ recv_v5_auth (kx_context *kc, int sock, u_char *buf)
     ticket->client = NULL;
     krb5_free_ticket (CONTEXT(kc), ticket);
 
+    krb5_auth_con_free(CONTEXT(kc), auth_context);
+
     return 0;
 }
 

appl/kx/kx.1

@@ -1,34 +1,34 @@
 .\" Copyright (c) 1996 - 1997 Kungliga Tekniska Högskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
 .\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
 .\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
 .\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
 .\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
 .\" $Id$
 .\"
 .Dd September 27, 1996
@@ -36,8 +36,7 @@
 .Os KTH-KRB
 .Sh NAME
 .Nm kx
-.Nd
-securely forward X conections
+.Nd securely forward X conections
 .Sh SYNOPSIS
 .Ar kx
 .Op Fl l Ar username

appl/kx/kx.c

@@ -182,7 +182,7 @@ status_output (int debugp)
 	printf ("%u\t%s\t%s\n", (unsigned)getpid(), display, xauthfile);
     else {
 	pid_t pid;
-	
+
 	pid = fork();
 	if (pid < 0) {
 	    err(1, "fork");
@@ -279,7 +279,7 @@ doit_passive (kx_context *kc)
 	     p++;
 	     p += kx_get_int (p, &tmp, 4, 0);
 	 }
-	
+
 	 ++nchild;
 	 child = fork ();
 	 if (child < 0) {
@@ -292,7 +292,7 @@ doit_passive (kx_context *kc)
 	     close (otherside);
 
 	     socket_set_port(kc->thataddr, htons(tmp));
-		
+
 	     fd = socket (kc->thataddr->sa_family, SOCK_STREAM, 0);
 	     if (fd < 0)
 		 err(1, "socket");
@@ -428,7 +428,7 @@ doit_active (kx_context *kc)
 
     tmp2 = get_xsockets (&nsockets, &sockets, kc->tcp_flag);
     if (tmp2 < 0)
-	return 1;
+	errx(1, "Failed to open sockets");
     display_num = tmp2;
     if (kc->tcp_flag)
 	snprintf (display, display_size, "localhost:%u", display_num);
@@ -436,10 +436,9 @@ doit_active (kx_context *kc)
 	snprintf (display, display_size, ":%u", display_num);
     error = create_and_write_cookie (xauthfile, xauthfile_size,
 				     cookie, cookie_len);
-    if (error) {
-	warnx ("failed creating cookie file: %s", strerror(error));
-	return 1;
-    }
+    if (error)
+	errx(1, "failed creating cookie file: %s", strerror(error));
+
     status_output (kc->debug_flag);
     for (;;) {
 	fd_set fdset;

appl/kx/kxd.8

@@ -1,34 +1,34 @@
 .\" Copyright (c) 1996 - 1997, 2001 Kungliga Tekniska Högskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
 .\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
 .\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
 .\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
 .\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
 .\" $Id$
 .\"
 .Dd September 27, 1996
@@ -36,8 +36,7 @@
 .Os KTH-KRB
 .Sh NAME
 .Nm kxd
-.Nd
-securely forward X conections
+.Nd securely forward X conections
 .Sh SYNOPSIS
 .Ar kxd
 .Op Fl t

appl/kx/kxd.c

@@ -99,6 +99,7 @@ cleanup(int nsockets, struct x_socket *sockets)
 	    free (sockets[i].pathname);
 	}
     }
+    free(sockets);
 }
 
 /*
@@ -170,11 +171,17 @@ recv_conn (int sock, kx_context *kc,
      if (*p != INIT)
 	 fatal(kc, sock, "Bad message");
      p++;
+     if ((p - msg) < sizeof(msg))
+	 fatal(kc, sock, "user");
+
      p += kx_get_int (p, &tmp32, 4, 0);
-     len = min(sizeof(user), tmp32);
-     memcpy (user, p, len);
+     if (tmp32 >= sizeof(user) - 1)
+	 fatal(kc, sock, "user name too long");
+     if ((p - msg) + tmp32 >= sizeof(msg))
+	 fatal(kc, sock, "user too long");
+     memcpy (user, p, tmp32);
      p += tmp32;
-     user[len] = '\0';
+     user[tmp32] = '\0';
 
      passwd = k_getpwnam (user);
      if (passwd == NULL)
@@ -184,6 +191,9 @@ recv_conn (int sock, kx_context *kc,
 	 fatal (kc, sock, "%s not allowed to login as %s",
 		kc->user, user);
 
+     if ((p - msg) >= sizeof(msg))
+	 fatal(kc, sock, "user too long");
+
      flags = *p++;
 
      if (flags & PASSIVE) {
@@ -239,15 +249,17 @@ recv_conn (int sock, kx_context *kc,
      umask(077);
      if (!(flags & PASSIVE)) {
 	 p += kx_get_int (p, &tmp32, 4, 0);
-	 len = min(tmp32, display_size);
-	 memcpy (display, p, len);
-	 display[len] = '\0';
+	 if (tmp32 > display_size)
+	     fatal(kc, sock, "display too large");
+	 if ((p - msg) + tmp32 + 8 >= sizeof(msg))
+	     fatal(kc, sock, "user too long");
+	 memcpy (display, p, tmp32);
+	 display[tmp32] = '\0';
 	 p += tmp32;
 	 p += kx_get_int (p, &tmp32, 4, 0);
 	 len = min(tmp32, xauthfile_size);
 	 memcpy (xauthfile, p, len);
 	 xauthfile[len] = '\0';
-	 p += tmp32;
      }
 #if defined(SO_KEEPALIVE) && defined(HAVE_SETSOCKOPT)
      if (flags & KEEP_ALIVE) {
@@ -412,7 +424,7 @@ close_connection(int fd, const char *message)
     p += mlen;
     while((p - buf) % 4)		/* pad to multiple of 4 bytes */
 	*p++ = 0;
-	
+
     /* now fill in length of additional data */
     if(lsb) {
 	buf[6] = (p - buf - 8) / 4;
@@ -490,7 +502,7 @@ doit_passive (kx_context *kc,
     memcpy (p, xauthfile, len);
     p += len;
     rem -= len;
-	
+
     if(kx_write (kc, sock, msg, p - msg) < 0) {
 	syslog (LOG_ERR, "write: %m");
 	cleanup(nsockets, sockets);
@@ -503,7 +515,7 @@ doit_passive (kx_context *kc,
 	int i;
 	int ret;
 	int cookiesp = TRUE;
-	
+
 	FD_ZERO(&fds);
 	if (sock >= FD_SETSIZE) {
 	    syslog (LOG_ERR, "fd too large");
@@ -628,7 +640,7 @@ doit_active (kx_context *kc,
 
     p = msg;
     *p++ = ACK;
-	
+
     if(kx_write (kc, sock, msg, p - msg) < 0) {
 	syslog (LOG_ERR, "write: %m");
 	return 1;
@@ -636,7 +648,7 @@ doit_active (kx_context *kc,
     for (;;) {
 	pid_t child;
 	int len;
-	
+
 	len = kx_read (kc, sock, msg, sizeof(msg));
 	if (len < 0) {
 	    syslog (LOG_ERR, "read: %m");
@@ -760,7 +772,7 @@ main (int argc, char **argv)
     }
 
     if (!inetd_flag)
-	mini_inetd (port);
+	mini_inetd (port, NULL);
 
      signal (SIGCHLD, childhandler);
      return doit(STDIN_FILENO, tcp_flag);

appl/kx/rxtelnet.1

@@ -1,34 +1,34 @@
 .\" Copyright (c) 1996 - 1998, 2001 - 2002 Kungliga Tekniska Högskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
 .\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
 .\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
 .\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
 .\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
 .\" $Id$
 .\"
 .Dd March  7, 2004
@@ -36,8 +36,7 @@
 .Os KTH_KRB
 .Sh NAME
 .Nm rxtelnet
-.Nd
-start a telnet and forward X-connections.
+.Nd start a telnet and forward X-connections.
 .Sh SYNOPSIS
 .Nm rxtelnet
 .Op Fl l Ar username

appl/kx/rxterm.1

@@ -1,34 +1,34 @@
 .\" Copyright (c) 1996 - 1997, 2001 - 2003 Kungliga Tekniska Högskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
 .\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
 .\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
 .\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
 .\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
 .\" $Id$
 .\"
 .Dd April 11, 2003
@@ -36,8 +36,7 @@
 .Os KTH_KRB
 .Sh NAME
 .Nm rxterm
-.Nd
-start a secure remote xterm
+.Nd start a secure remote xterm
 .Sh SYNOPSIS
 .Nm rxterm
 .Op Fl l Ar username

appl/kx/tenletxr.1

@@ -1,34 +1,34 @@
 .\" Copyright (c) 1997, 2001 - 2002 Kungliga Tekniska Högskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
 .\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
 .\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
 .\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
 .\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
 .\" $Id$
 .\"
 .Dd March 31, 1997
@@ -36,8 +36,7 @@
 .Os KTH_KRB
 .Sh NAME
 .Nm tenletxr
-.Nd
-forward X-connections backwards.
+.Nd forward X-connections backwards.
 .Sh SYNOPSIS
 .Nm tenletxr
 .Op Fl l Ar username

appl/login/Makefile.am

@@ -12,7 +12,7 @@ login_SOURCES =					\
 		login.c				\
 		login_access.c			\
 		login_locl.h			\
-		login_protos.h			\
+		login-protos.h			\
 		loginpaths.h			\
 		limits_conf.c			\
 		osfc2.c				\
@@ -32,9 +32,9 @@ LDADD = $(LIB_otp) \
 	$(LIB_security) \
 	$(DBLIB)
 
-$(srcdir)/login_protos.h:
-	cd $(srcdir); perl ../../cf/make-proto.pl -o login_protos.h -q -P comment $(login_SOURCES) || rm -f login_protos.h
+$(srcdir)/login-protos.h:
+	cd $(srcdir); perl ../../cf/make-proto.pl -o login-protos.h -q -P comment $(login_SOURCES) || rm -f login-protos.h
 
-$(login_OBJECTS): $(srcdir)/login_protos.h
+$(login_OBJECTS): $(srcdir)/login-protos.h
 
-EXTRA_DIST = $(man_MANS)
+EXTRA_DIST = NTMakefile $(man_MANS)

appl/login/NTMakefile

@@ -0,0 +1,35 @@
+########################################################################
+#
+# Copyright (c) 2009, Secure Endpoints Inc.
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 
+# - Redistributions of source code must retain the above copyright
+#   notice, this list of conditions and the following disclaimer.
+# 
+# - Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in
+#   the documentation and/or other materials provided with the
+#   distribution.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# 
+
+RELDIR=appl\login 
+
+!include ../../windows/NTMakefile.w32 
+

appl/login/env.c

@@ -82,7 +82,7 @@ copy_env(void)
 	extend_env(*p);
 }
 
-int
+void
 login_read_env(const char *file)
 {
     char **newenv;
@@ -93,11 +93,13 @@ login_read_env(const char *file)
     i = read_environment(file, &newenv);
     for (j = 0; j < i; j++) {
 	p = strchr(newenv[j], '=');
+	if (p == NULL)
+	    errx(1, "%s: missing = in string %s",
+		 file, newenv[j]);
 	*p++ = 0;
 	add_env(newenv[j], p);
 	*--p = '=';
 	free(newenv[j]);
     }
     free(newenv);
-    return 0;
 }

appl/login/limits_conf.c

@@ -192,7 +192,7 @@ read_limits_conf(const char *file, const struct passwd *pwd)
 		continue;
 	    l->has_limit = level;
 	}
-	
+
 	/* XXX unclear: if you soft to more than default hard, should
            we set hard to soft? this code doesn't. */
 	if(strcasecmp(args[1], "soft") == 0 || strcmp(args[1], "-") == 0)

appl/login/login.1

@@ -1,12 +1,11 @@
 .\" $Id$
-.\" 
+.\"
 .Dd April 22, 2005
 .Dt LOGIN 1
 .Os HEIMDAL
 .Sh NAME
 .Nm login
-.Nd
-authenticate a user and start new session
+.Nd authenticate a user and start new session
 .Sh SYNOPSIS
 .Nm
 .Op Fl fp
@@ -14,8 +13,8 @@ authenticate a user and start new session
 .Op Fl h Ar hostname
 .Ar [username]
 .Sh DESCRIPTION
-This manual page documents  the 
-.Nm login 
+This manual page documents  the
+.Nm login
 program distributed with the Heimdal Kerberos 5 implementation, it may
 differ in important ways from your system version.
 .Pp
@@ -23,7 +22,7 @@ The
 .Nm login
 programs logs users into the system. It is intended to be run by
 system daemons like
-.Xr getty 8 
+.Xr getty 8
 or
 .Xr telnetd 8 .
 If you are already logged in, but want to change to another user, you
@@ -33,16 +32,16 @@ should use
 A username can be given on the command line, else one will be prompted
 for.
 .Pp
-A password is required to login, unless the 
+A password is required to login, unless the
 .Fl f
 option is given (indicating that the calling program has already done
 proper authentication). With
 .Fl f
-the user will be logged in without further questions. 
+the user will be logged in without further questions.
 .Pp
 For password authentication Kerberos 5, Kerberos 4 (if compiled in),
 OTP (if compiled in) and local
-.No ( Pa /etc/passwd ) 
+.No ( Pa /etc/passwd )
 passwords are supported. OTP will be used if the the user is
 registered to use it, and
 .Nm login
@@ -71,7 +70,7 @@ to preserve all environment variables. If not given, only the
 and
 .Dv TZ
 variables are preserved. It could be a security risk to pass random
-variables to 
+variables to
 .Nm login
 or the user shell, so the calling daemon should make sure it only
 passes
@@ -91,12 +90,12 @@ Then various system parameters are set up, like changing the owner of
 the tty to the user, setting up signals, setting the group list, and
 user and group id. Also various machine specific tasks are performed.
 .Pp
-Next 
+Next
 .Nm login
-changes to the users home directory, or if that fails, to 
+changes to the users home directory, or if that fails, to
 .Pa / .
 The environment is setup, by adding some required variables (such as
-.Dv PATH ) , 
+.Dv PATH ) ,
 and also authentication related ones (such as
 .Dv KRB5CCNAME ) .
 If an environment file exists
@@ -108,31 +107,31 @@ If one or more login message files are configured, their contents is
 printed to the terminal.
 .Pp
 If a login time command is configured, it is executed. A logout time
-command can also be configured, which makes 
+command can also be configured, which makes
 .Nm login
 fork, and wait for the user shell to exit, and then run the command.
 This can be used to clean up user credentials.
 .Pp
 Finally, the user's shell is executed. If the user logging in is root,
-and root's login shell does not exist, a default shell (usually 
+and root's login shell does not exist, a default shell (usually
 .Pa /bin/sh )
 is also tried before giving up.
 .Sh ENVIRONMENT
-These environment variables are set by login (not including ones set by 
+These environment variables are set by login (not including ones set by
 .Pa /etc/environment ) :
 .Pp
 .Bl -tag -compact -width USERXXLOGNAME
 .It Dv PATH
 the default system path
 .It Dv HOME
-the user's home directory (or possibly 
+the user's home directory (or possibly
 .Pa / )
 .It Dv USER , Dv LOGNAME
 both set to the username
 .It Dv SHELL
 the user's shell
 .It Dv TERM , Dv TZ
-set to whatever is passed to 
+set to whatever is passed to
 .Nm login
 .It Dv KRB5CCNAME
 if the password is verified via Kerberos 5, this will point to the
@@ -145,7 +144,7 @@ ticket file
 .Bl -tag -compact -width Ds
 .It Pa /etc/environment
 Contains a set of environment variables that should be set in addition
-to the ones above. It should contain sh-style assignments like 
+to the ones above. It should contain sh-style assignments like
 .Dq VARIABLE=value .
 Note that they are not parsed the way a shell would. No variable
 expansion is performed, and all strings are literal, and quotation
@@ -161,7 +160,7 @@ FOO="this is a string"
 BAR= FOO='this is a string'
 .Ed
 .It Pa /etc/login.access
-See 
+See
 .Xr login.access 5 .
 .It Pa /etc/login.conf
 This is a termcap style configuration file, that contains various
@@ -205,14 +204,14 @@ programs typically print all sorts of information by default, such as
 last time you logged in, if you have mail, and system message files.
 This version of
 .Nm login
-does not, so there is no reason for 
+does not, so there is no reason for
 .Pa .hushlogin
 files or similar. We feel that these tasks are best left to the user's
-shell, but the 
+shell, but the
 .Li login_program
 facility allows for a shell independent solution, if that is desired.
 .Sh EXAMPLES
-A 
+A
 .Pa login.conf
 file could look like:
 .Bd -literal -offset indent
@@ -225,8 +224,8 @@ The
 .Pa limits.conf
 file consists of a table with four whitespace separated fields. First
 field is a username or a groupname (prefixed with
-.Sq @ ) , 
-or 
+.Sq @ ) ,
+or
 .Sq * .
 Second field is
 .Sq soft ,
@@ -235,11 +234,11 @@ or
 .Sq -
 (the last meaning both soft and hard).
 Third field is a limit name (such as
-.Sq cpu 
-or 
+.Sq cpu
+or
 .Sq core ) .
 Last field is the limit value (a number or
-.Sq - 
+.Sq -
 for unlimited). In the case of data sizes, the value is in kilobytes,
 and cputime is in minutes.
 .Sh SEE ALSO

appl/login/login.access.5

@@ -1,12 +1,11 @@
 .\" $Id$
-.\" 
+.\"
 .Dd March 21, 2003
 .Dt LOGIN.ACCESS 5
 .Os HEIMDAL
 .Sh NAME
 .Nm login.access
-.Nd
-login access control table
+.Nd login access control table
 .Sh DESCRIPTION
 The
 .Nm login.access
@@ -14,7 +13,7 @@ file specifies on which ttys or from which hosts certain users are
 allowed to login.
 .Pp
 At login, the
-.Pa /etc/login.access 
+.Pa /etc/login.access
 file is checked for the first entry that matches a specific user/host
 or user/tty combination. That entry can either allow or deny login
 access to that user.
@@ -52,5 +51,5 @@ make the group match if the user also matches.
 .Sh AUTHORS
 The
 .Fn login_access
-function was written by 
+function was written by
 Wietse Venema. This manual page was written for Heimdal.

appl/login/login.c

@@ -365,7 +365,7 @@ do_login(const struct passwd *pwd, char *tty, char *ttyn)
 
 	read_limits_conf(file, pwd);
     }
-	
+
 #ifdef HAVE_SETPCRED
     if (setpcred (pwd->pw_name, NULL) == -1)
 	warn("setpcred(%s)", pwd->pw_name);
@@ -599,7 +599,7 @@ main(int argc, char **argv)
 	print_version (NULL);
 	return 0;
     }
-	
+
     if (geteuid() != 0)
 	errx(1, "only root may use login, use su");
 
@@ -687,7 +687,7 @@ main(int argc, char **argv)
                   sig_handler(0);
             }
          }
-	
+
 	if(pwd == NULL){
 	    fprintf(stderr, "Login incorrect.\n");
 	    ask = 1;

appl/login/login_locl.h

@@ -150,6 +150,6 @@ struct spwd;
 extern char **env;
 extern int num_env;
 
-#include "login_protos.h"
+#include "login-protos.h"
 
 #endif /* __LOGIN_LOCL_H__ */

appl/otp/Makefile.am

@@ -7,12 +7,11 @@ AM_CPPFLAGS += $(INCLUDE_hcrypto)
 bin_PROGRAMS = otp otpprint
 bin_SUIDS = otp
 otp_SOURCES = otp.c otp_locl.h
+otp_LDADD  = $(LIB_hcrypto) $(LIB_roken) $(top_builddir)/lib/otp/libotp.la
 otpprint_SOURCES = otpprint.c otp_locl.h
 
+otpprint_LDADD  = $(LIB_hcrypto) $(LIB_roken) $(top_builddir)/lib/otp/libotp.la
+
 man_MANS = otp.1  otpprint.1
 
-LDADD = \
-	$(top_builddir)/lib/otp/libotp.la	\
-	$(LIB_roken)
-
-EXTRA_DIST = $(man_MANS)
+EXTRA_DIST = NTMakefile $(man_MANS)

appl/otp/NTMakefile

@@ -0,0 +1,35 @@
+########################################################################
+#
+# Copyright (c) 2009, Secure Endpoints Inc.
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 
+# - Redistributions of source code must retain the above copyright
+#   notice, this list of conditions and the following disclaimer.
+# 
+# - Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in
+#   the documentation and/or other materials provided with the
+#   distribution.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# 
+
+RELDIR=appl\otp 
+
+!include ../../windows/NTMakefile.w32 
+

appl/otp/otp.1

@@ -1,34 +1,34 @@
 .\" Copyright (c) 1996, 2000 Kungliga Tekniska Högskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
 .\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
 .\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
 .\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
 .\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
 .\" $Id$
 .\"
 .Dd November 17, 1996
@@ -36,8 +36,7 @@
 .Os KTH-KRB
 .Sh NAME
 .Nm otp
-.Nd
-manages one-time passwords
+.Nd manages one-time passwords
 .Sh SYNOPSIS
 .Nm otp
 .Op Fl dhlor

appl/otp/otpprint.1

@@ -1,34 +1,34 @@
 .\" Copyright (c) 1996, 2000 - 2001 Kungliga Tekniska Högskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
 .\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
 .\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
 .\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
 .\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
 .\" $Id$
 .\"
 .Dd November 17, 1996
@@ -36,8 +36,7 @@
 .Os KTH-KRB
 .Sh NAME
 .Nm otpprint
-.Nd
-print lists of one-time passwords
+.Nd print lists of one-time passwords
 .Sh SYNOPSIS
 .Nm otp
 .Op Fl n Ar count

appl/popper/Makefile.am

@@ -44,6 +44,6 @@ LDADD = \
 
 man_MANS = popper.8
 
-EXTRA_DIST = pop3.rfc1081 pop3e.rfc1082 \
+EXTRA_DIST = NTMakefile pop3.rfc1081 pop3e.rfc1082 \
 	popper.README.release README-FIRST \
 	$(man_MANS)

appl/popper/NTMakefile

@@ -0,0 +1,35 @@
+########################################################################
+#
+# Copyright (c) 2009, Secure Endpoints Inc.
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 
+# - Redistributions of source code must retain the above copyright
+#   notice, this list of conditions and the following disclaimer.
+# 
+# - Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in
+#   the documentation and/or other materials provided with the
+#   distribution.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# 
+
+RELDIR=appl\popper 
+
+!include ../../windows/NTMakefile.w32 
+

appl/popper/pop_auth.h

@@ -52,9 +52,6 @@ void pop_auth_set_error(const char *message);
 #ifdef KRB5
 extern struct auth_mech gssapi_mech;
 #endif
-#ifdef KRB4
-extern struct auth_mech krb4_mech;
-#endif
 
 
 #endif /* __pop_auth_h__ */

appl/popper/pop_debug.c

@@ -103,6 +103,7 @@ doit_v5 (char *host, int port)
     krb5_auth_context auth_context = NULL;
     krb5_principal server;
     int s = get_socket (host, port);
+    const char *estr;
 
     ret = krb5_init_context (&context);
     if (ret)
@@ -114,8 +115,9 @@ doit_v5 (char *host, int port)
 				   KRB5_NT_SRV_HST,
 				   &server);
     if (ret) {
-	warnx ("krb5_sname_to_principal: %s",
-	       krb5_get_err_text (context, ret));
+	estr = krb5_get_error_message(context, ret);
+	warnx ("krb5_sname_to_principal: %s", estr);
+	krb5_free_error_message(context, estr);
 	return 1;
     }
     ret = krb5_sendauth (context,
@@ -131,13 +133,14 @@ doit_v5 (char *host, int port)
 			 NULL,
 			 NULL,
 			 NULL);
-     if (ret) {
-	 warnx ("krb5_sendauth: %s",
-		krb5_get_err_text (context, ret));
-	 return 1;
-     }
-     loop (s);
-     return 0;
+    if (ret) {
+	estr = krb5_get_error_message(context, ret);
+	warnx ("krb5_sendauth: %s", estr);
+	krb5_free_error_message(context, estr);
+	return 1;
+    }
+    loop (s);
+    return 0;
 }
 #endif
 
@@ -195,7 +198,7 @@ main(int argc, char **argv)
 	print_version (NULL);
 	return 0;
     }
-	
+
     if (argc < 1)
 	usage (1);
 

appl/popper/pop_dele.c

@@ -83,14 +83,14 @@ pop_xdele(POP *p)
 	    continue; /* no point in returning error */
 	/*  Flag the message for deletion */
 	mp->flags |= DEL_FLAG;
-	
+
 #ifdef DEBUG
 	if(p->debug)
 	    pop_log(p, POP_DEBUG,
 		    "Deleting message %u at offset %ld of length %ld\n",
 		    mp->number, mp->offset, mp->length);
 #endif /* DEBUG */
-	
+
 	/*  Update the messages_deleted and bytes_deleted counters */
 	p->msgs_deleted++;
 	p->bytes_deleted += mp->length;

appl/popper/pop_dropinfo.c

@@ -105,7 +105,7 @@ add_missing_headers(POP *p, MsgInfoList *mp)
                             p->user);
 	}
     }
-#endif	
+#endif
 #ifdef XOVER
     if (mp->subject == NULL)
 	mp->subject = "<none>";
@@ -219,7 +219,7 @@ pop_dropinfo(POP *p)
 	    pop_log(p,POP_DEBUG,
 		    "Msg %d at offset %ld is %ld octets long and has %u lines and id %s.",
                     mp->number,mp->offset,mp->length,mp->lines, mp->msg_id);
-#else	
+#else
             pop_log(p,POP_DEBUG,
                 "Msg %d at offset %d is %d octets long and has %u lines.",
                     mp->number,mp->offset,mp->length,mp->lines);

appl/popper/pop_init.c

@@ -57,12 +57,13 @@ krb5_authenticate (POP *p, int s, u_char *buf, struct sockaddr *addr)
     krb5_auth_context auth_context = NULL;
     uint32_t len;
     krb5_ticket *ticket;
+    const char *estr;
     char *server;
 
     if (memcmp (buf, "\x00\x00\x00\x13", 4) != 0)
 	return -1;
     len = (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | (buf[3]);
-	
+
     if (krb5_net_read(p->context, &s, buf, len) != len)
 	return -1;
     if (len != sizeof(KRB5_SENDAUTH_VERSION)
@@ -78,16 +79,18 @@ krb5_authenticate (POP *p, int s, u_char *buf, struct sockaddr *addr)
 			 NULL,
 			 &ticket);
     if (ret) {
-	pop_log(p, POP_PRIORITY, "krb5_recvauth: %s",
-		krb5_get_err_text(p->context, ret));
+	estr = krb5_get_error_message(p->context, ret);
+	pop_log(p, POP_PRIORITY, "krb5_recvauth: %s", estr);
+	krb5_free_error_message(p->context, estr);
 	return -1;
     }
 
 
     ret = krb5_unparse_name(p->context, ticket->server, &server);
     if(ret) {
-	pop_log(p, POP_PRIORITY, "krb5_unparse_name: %s",
-		krb5_get_err_text(p->context, ret));
+	estr = krb5_get_error_message(p->context, ret);
+	pop_log(p, POP_PRIORITY, "krb5_unparse_name: %s", estr);
+	krb5_free_error_message(p->context, estr);
 	ret = -1;
 	goto out;
     }
@@ -301,7 +304,7 @@ pop_init(POP *p,int argcount,char **argmessage)
 	    portnum = p->kerberosp ?
 		pop_getportbyname(p, "kpop", "tcp", 1109) :
 	    pop_getportbyname(p, "pop", "tcp", 110);
-	mini_inetd (portnum);
+	mini_inetd (portnum, NULL);
     }
 
     /*  Get the address and socket of the client to whom I am speaking */

appl/popper/pop_pass.c

@@ -21,11 +21,13 @@ krb5_verify_password (POP *p)
     krb5_error_code ret;
     krb5_principal client, server;
     krb5_creds creds;
+    const char *estr;
 
     ret = krb5_get_init_creds_opt_alloc (p->context, &get_options);
     if (ret) {
-	pop_log(p, POP_PRIORITY, "krb5_get_init_creds_opt_alloc: %s",
-		krb5_get_err_text (p->context, ret));
+	estr = krb5_get_error_message(p->context, ret);
+	pop_log(p, POP_PRIORITY, "krb5_get_init_creds_opt_alloc: %s", estr);
+	krb5_free_error_message(p->context, estr);
 	return 1;
     }
 
@@ -37,8 +39,10 @@ krb5_verify_password (POP *p)
 
     ret = krb5_parse_name (p->context, p->user, &client);
     if (ret) {
-	pop_log(p, POP_PRIORITY, "krb5_parse_name: %s",
-		krb5_get_err_text (p->context, ret));
+	krb5_get_init_creds_opt_free(p->context, get_options);
+	estr = krb5_get_error_message(p->context, ret);
+	pop_log(p, POP_PRIORITY, "krb5_parse_name: %s", estr);
+	krb5_free_error_message(p->context, estr);
 	return 1;
     }
 
@@ -53,9 +57,9 @@ krb5_verify_password (POP *p)
 					get_options);
     krb5_get_init_creds_opt_free(p->context, get_options);
     if (ret) {
-	pop_log(p, POP_PRIORITY,
-		"krb5_get_init_creds_password: %s",
-		krb5_get_err_text (p->context, ret));
+	estr = krb5_get_error_message(p->context, ret);
+	pop_log(p, POP_PRIORITY, "krb5_get_init_creds_password: %s", estr);
+	krb5_free_error_message(p->context, estr);
 	return 1;
     }
 
@@ -65,9 +69,9 @@ krb5_verify_password (POP *p)
 				   KRB5_NT_SRV_HST,
 				   &server);
     if (ret) {
-	pop_log(p, POP_PRIORITY,
-		"krb5_get_init_creds_password: %s",
-		krb5_get_err_text (p->context, ret));
+	estr = krb5_get_error_message(p->context, ret);
+	pop_log(p, POP_PRIORITY, "krb5_get_init_creds_password: %s", estr);
+	krb5_free_error_message(p->context, estr);
 	return 1;
     }
 
@@ -108,7 +112,7 @@ login_user(POP *p)
 	/*  Make a temporary copy of the user's maildrop */
 	/*    and set the group and user id */
 	if (pop_dropcopy(p, pw) != POP_SUCCESS) return (POP_FAILURE);
-	
+
 	/*  Get information about the maildrop */
 	if (pop_dropinfo(p) != POP_SUCCESS) return(POP_FAILURE);
     } else {
@@ -142,7 +146,7 @@ pop_pass (POP *p)
 #ifdef KRB5
 	if (p->version == 5) {
 	    char *name;
-	
+
 	    if (!krb5_kuserok (p->context, p->principal, p->user)) {
 		pop_log (p, POP_PRIORITY,
 			 "krb5 permission denied");

appl/popper/popper.8

@@ -1,34 +1,34 @@
 .\" Copyright (c) 2001 - 2004 Kungliga Tekniska Högskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
 .\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
 .\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
 .\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
 .\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
 .\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
 .\" $Id$
 .\"
 .Dd July 14, 2004
@@ -36,8 +36,7 @@
 .Os HEIMDAL
 .Sh NAME
 .Nm popper
-.Nd
-POP3 server
+.Nd POP3 server
 .Sh SYNOPSIS
 .Nm
 .Op Fl k
@@ -47,7 +46,7 @@ POP3 server
 .Op Fl d
 .Op Fl i
 .Op Fl p Ar port
-.Op Fl -address-log= Ns Pa file
+.Op Fl Fl address-log= Ns Pa file
 .Sh DESCRIPTION
 .Nm
 serves mail via the Post Office Protocol.  Supported options include:
@@ -55,12 +54,12 @@ serves mail via the Post Office Protocol.  Supported options include:
 .It Fl a Ar plaintext Ns \*(Ba Ns Ar otp Ns \*(Ba Ns Ar sasl
 Tells
 .Nm
-which authentication mode is acceptable, 
+which authentication mode is acceptable,
 .Ar sasl
 enables SASL (RFC2222),  and
 .Ar otp
 enables OTP (RFC1938) authentication. Both disable plaintext passwords.
-.It Fl -address-log= Ns Pa file
+.It Fl Fl address-log= Ns Pa file
 Logs the addresses (along with a timestamp) of all clients to the
 specified file. This can be used to implement POP-before-SMTP
 authentication.