Populate creds in get_new_tickets before actually using it.

Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>

.gitignore

@@ -1,26 +1,120 @@
-# git-ls-files --others --exclude-from=.git/info/exclude
+# After changing this file, please run:
-# Lines that start with '#' are comments.
+#
-# For a project mostly in C, the following would be a good set of
+#     git ls-files -i --exclude-standard
-# exclude patterns (uncomment them if you want to use them):
+#
-# *.[oa]
+# to check that you haven't inadvertently ignored any tracked files.  This
-# *~
+# command should return no output.  Any files listed by it are files
+# present in the repository but ignored by .gitignore.
+
+# General rules, with some exclusions for where they're too general.
 
 .DS_Store
+.deps/
+.dirstamp
+.libs/
+Makefile
 Makefile.in
+asn1_*.[cx]
+!/lib/asn1/asn1_gen.c
+!/lib/asn1/asn1_print.c
+!/lib/krb5/asn1_glue.c
+*_asn1.h
+!/lib/asn1/heim_asn1.h
+*_asn1.hx
+*_asn1-priv.h
+*_asn1-priv.hx
+*_asn1-template.c
+*_asn1_files
+*_err.[ch]
+!/lib/com_err/com_err.[ch]
+*-commands.[ch]
 *~
+*.a
+*.la
+*.lo
+*.o
+
+# Top-level files.
 
 /aclocal.m4
 /autom4te.cache
 /compile
 /config.guess
+/config.log
+/config.status
 /config.sub
 /configure
 /depcomp
 /install-sh
+/libtool
 /ltmain.sh
 /missing
+/setupbuild.cmd
 /ylwrap
-/appl/login/login_protos.h
+
+/lib/libedit/aclocal.m4
+/lib/libedit/autom4te.cache
+/lib/libedit/compile
+/lib/libedit/config.guess
+/lib/libedit/config.log
+/lib/libedit/config.status
+/lib/libedit/config.sub
+/lib/libedit/configure
+/lib/libedit/depcomp
+/lib/libedit/install-sh
+/lib/libedit/libtool
+/lib/libedit/ltmain.sh
+/lib/libedit/missing
+/lib/libedit/setupbuild.cmd
+/lib/libedit/ylwrap
+
+
+# Files in subdirectories.
+
+/admin/ktutil
+/appl/afsutil/afslog
+/appl/afsutil/pagsh
+/appl/ftp/ftp/ftp
+/appl/ftp/ftpd/ftpcmd.c
+/appl/ftp/ftpd/ftpd
+/appl/ftp/ftpd/gssapi.c
+/appl/ftp/ftpd/security.c
+/appl/ftp/ftpd/security.h
+/appl/gssmask/gssmaestro
+/appl/gssmask/gssmask
+/appl/kf/kf
+/appl/kf/kfd
+/appl/kx/kx
+/appl/kx/kxd
+/appl/kx/rxtelnet
+/appl/kx/rxterm
+/appl/kx/tenletxr
+/appl/login/login
+/appl/login/login-protos.h
+/appl/otp/otp
+/appl/otp/otpprint
+/appl/popper/pop_debug
+/appl/popper/popper
+/appl/push/pfrom
+/appl/push/push
+/appl/rcp/rcp
+/appl/rsh/limits_conf.c
+/appl/rsh/login_access.c
+/appl/rsh/rsh
+/appl/rsh/rshd
+/appl/su/su
+/appl/telnet/telnet/telnet
+/appl/telnet/telnetd/telnetd
+/appl/test/gssapi_client
+/appl/test/gssapi_server
+/appl/test/http_client
+/appl/test/nt_gss_client
+/appl/test/nt_gss_server
+/appl/test/tcp_client
+/appl/test/tcp_server
+/appl/test/uu_client
+/appl/test/uu_server
+/appl/xnlock/xnlock
 /cf/libtool.m4
 /cf/ltoptions.m4
 /cf/ltsugar.m4
@@ -36,32 +130,140 @@ Makefile.in
 /doc/krb5
 /doc/ntlm
 /doc/wind
+/doc/vars.texi
+/doc/doxyout
+/include/*.h
+!/include/crypto-headers.h
+!/include/heim_threads.h
+/include/bits
 /include/config.h.in
-/include/stamp-h.in
+/include/gssapi/*.h
-/kcm/kcm_protos.h
+/include/kadm5/*.h
+/include/stamp-h1
+/include/version.h.in
+/kadmin/add_random_users
+/kadmin/kadmin
+/kadmin/kadmind
+/kcm/kcm
+/kcm/kcm-protos.h
+/kdc/digest-service
+/kdc/hprop
+/kdc/hpropd
+/kdc/kdc
 /kdc/kdc-protos.h
 /kdc/kdc-private.h
+/kdc/kdc-replay
+/kdc/kstash
+/kdc/string2key
+/kpasswd/kpasswd
+/kpasswd/kpasswd-generator
+/kpasswd/kpasswdd
+/kuser/copy_cred_cache
+/kuser/generate-requests
+/kuser/kcc
+/kuser/kdecode_ticket
+/kuser/kdestroy
+/kuser/kdigest
+/kuser/kgetcred
+/kuser/kimpersonate
+/kuser/kinit
+/kuser/klist
+/kuser/kswitch
+/kuser/kverify
+/lib/asn1/asn1_compile
+/lib/asn1/asn1_gen
+/lib/asn1/asn1_print
+/lib/asn1/asn1parse.c
+/lib/asn1/asn1parse.h
 /lib/asn1/der-protos.h
 /lib/asn1/der-private.h
+/lib/asn1/lex.c
 /lib/auth/Makefile.in
+/lib/com_err/compile_et
+/lib/com_err/lex.c
 /lib/com_err/parse.c
 /lib/com_err/parse.h
+/lib/com_err/snprintf.c
+/lib/com_err/strlcpy.c
+/lib/editline/snprintf.c
+/lib/editline/strdup.c
+/lib/editline/strlcat.c
+/lib/editline/testit
+/lib/gssapi/gss
+/lib/gssapi/gsstool
 /lib/gssapi/krb5/gsskrb5-private.h
 /lib/gssapi/ntlm/ntlm-private.h
 /lib/gssapi/spnego/spnego-private.h
+/lib/gssapi/test_context
+/lib/gssapi/test_cred
+/lib/gssapi/test_kcred
+/lib/gssapi/test_ntlm
 /lib/hdb/hdb-protos.h
 /lib/hdb/hdb-private.h
-/lib/hx509/hx509-private.h
+/lib/hdb/test_dbinfo
-/lib/hx509/hx509-protos.h
+/lib/hdb/test_hdbkeys
-/lib/hx509/data/*.pem
+/lib/hdb/test_mkey
 /lib/hx509/data/*.srl
 /lib/hx509/data/*.req
 /lib/hx509/data/sub-ca-combined.crt
+/lib/hx509/hx509-private.h
+/lib/hx509/hx509-protos.h
+/lib/hx509/hxtool
+/lib/hx509/sel-gram.c
+/lib/hx509/sel-gram.h
+/lib/hx509/sel-lex.c
+/lib/ipc/tc
+/lib/ipc/ts
+/lib/ipc/ts-http
+/lib/kadm5/iprop-log
+/lib/kadm5/ipropd-master
+/lib/kadm5/ipropd-slave
+/lib/kadm5/test_pw_quality
 /lib/kadm5/kadm5-protos.h
 /lib/kadm5/kadm5-private.h
+/lib/kafs/resolve.c
+/lib/kafs/strlcpy.c
+/lib/kafs/strsep.c
+/lib/kafs/strtok_r.c
 /lib/krb5/krb5-protos.h
 /lib/krb5/krb5-private.h
+/lib/krb5/krbhst-test
+/lib/krb5/test_alname
+/lib/krb5/test_crypto
+/lib/krb5/test_forward
+/lib/krb5/test_get_addrs
+/lib/krb5/test_gic
+/lib/krb5/test_kuserok
+/lib/krb5/test_renew
+/lib/krb5/test_rfc3961
+/lib/krb5/verify_krb5_conf
 /lib/ntlm/heimntlm-protos.h
+/lib/otp/ndbm_wrap.c
+/lib/otp/ndbm_wrap.h
+/lib/otp/otptest
+/lib/otp/snprintf.c
+/lib/otp/strcasecmp.c
+/lib/otp/strlcat.c
+/lib/otp/strlcpy.c
+/lib/otp/strlwr.c
+/lib/otp/strncasecmp.c
+/lib/roken/glob.h
+/lib/roken/make-roken
+/lib/roken/make-roken.c
+/lib/roken/resolve-test
+/lib/roken/rkpty
+/lib/roken/roken.h
+/lib/roken/snprintf-test
+/lib/roken/vis.h
+/lib/sl/getprogname.c
+/lib/sl/slc
+/lib/sl/slc-gram.c
+/lib/sl/slc-gram.h
+/lib/sl/slc-lex.c
+/lib/sl/snprintf.c
+/lib/sl/strdup.c
+/lib/sl/strtok_r.c
+/lib/sl/strupr.c
 /lib/wind/*.pyc
 /lib/wind/bidi_table.c
 /lib/wind/bidi_table.h
@@ -69,10 +271,30 @@ Makefile.in
 /lib/wind/combining_table.h
 /lib/wind/errorlist_table.c
 /lib/wind/errorlist_table.h
+/lib/wind/idn-lookup
 /lib/wind/map_table.c
 /lib/wind/map_table.h
 /lib/wind/normalize_table.c
 /lib/wind/normalize_table.h
 /lib/wind/punycode_examples.c
 /lib/wind/punycode_examples.h
+/out
+/po/gen-po.sh
 /scripts
+/tests/bin/setup-env
+/tests/can/krb5.conf
+/tests/can/mit-pkinit-20070607.cf
+/tests/db/have-db
+/tests/db/krb5.conf
+/tests/db/krb5.conf-sqlite
+/tests/gss/krb5.conf
+/tests/java/krb5.conf
+/tests/kdc/krb5-pkinit-win.conf
+/tests/kdc/krb5-pkinit.conf
+/tests/kdc/krb5-slave.conf
+/tests/kdc/krb5-weak.conf
+/tests/kdc/krb5.conf
+/tests/ldap/krb5.conf
+/tests/plugin/krb5.conf
+/tools/heimdal-gssapi.pc
+/tools/krb5-config

LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 1995 - 2008 Kungliga Tekniska Högskolan
+Copyright (c) 1995 - 2011 Kungliga Tekniska Högskolan
 (Royal Institute of Technology, Stockholm, Sweden). 
 All rights reserved. 
 

Makefile.am

@@ -6,13 +6,21 @@ if KCM
 kcm_dir = kcm
 endif
 
-SUBDIRS=  include lib kuser kdc admin kadmin kpasswd 
+SUBDIRS=  include base lib kuser kdc admin kadmin kpasswd 
-SUBDIRS+= $(kcm_dir) appl doc tools tests packages etc po
+SUBDIRS+= $(kcm_dir) appl tools tests packages etc po
+
+if HEIMDAL_DOCUMENTATION
+SUBDIRS+= doc
+endif
+
+
 
 ## ACLOCAL = @ACLOCAL@ -I cf
 ACLOCAL_AMFLAGS = -I cf
 
 EXTRA_DIST = \
+	NTMakefile \
+	windows \
 	TODO \
 	LICENSE \
 	README \

NEWS

@@ -1,14 +1,80 @@
+Release Notes - Heimdal - Version Heimdal 1.5.1
+
+ Bug fixes
+ - Fix building on Solaris, requires c99
+ - Fix building on Windows
+ - Build system updates
+
+Release Notes - Heimdal - Version Heimdal 1.5
+
+New features
+
+ - Support GSS name extensions/attributes
+ - SHA512 support
+ - No Kerberos 4 support
+ - Basic support for MIT Admin protocol (SECGSS flavor)
+   in kadmind (extract keytab)
+ - Replace editline with libedit
+
+Release Notes - Heimdal - Version Heimdal 1.4
+
+ New features
+ 
+ - Support for reading MIT database file directly
+ - KCM is polished up and now used in production
+ - NTLM first class citizen, credentials stored in KCM
+ - Table driven ASN.1 compiler, smaller!, not enabled by default
+ - Native Windows client support
+
+Notes
+
+ - Disabled write support NDBM hdb backend (read still in there) since
+   it can't handle large records, please migrate to a diffrent backend
+   (like BDB4)
+
+Release Notes - Heimdal - Version Heimdal 1.3.3
+
+ Bug fixes
+ - Check the GSS-API checksum exists before trying to use it [CVE-2010-1321]
+ - Check NULL pointers before dereference them [kdc]
+
+Release Notes - Heimdal - Version Heimdal 1.3.2
+
+ Bug fixes
+
+ - Don't mix length when clearing hmac (could memset too much)
+ - More paranoid underrun checking when decrypting packets
+ - Check the password change requests and refuse to answer empty packets
+ - Build on OpenSolaris 
+ - Renumber AD-SIGNED-TICKET since it was stolen from US
+ - Don't cache /dev/*random file descriptor, it doesn't get unloaded
+ - Make C++ safe
+ - Misc warnings
+
+Release Notes - Heimdal - Version Heimdal 1.3.1
+
+ Bug fixes
+
+ - Store KDC offset in credentials
+ - Many many more bug fixes
+
+Release Notes - Heimdal - Version Heimdal 1.3.1
+
+ New features
+
+ - Make work with OpenLDAPs krb5 overlay
+
 Release Notes - Heimdal - Version Heimdal 1.3
 
  New features
 
- - Partital support for MIT kadmind rpc protocol in kadmind
+ - Partial support for MIT kadmind rpc protocol in kadmind
  - Better support for finding keytab entries when using SPN aliases in the KDC
  - Support BER in ASN.1 library (needed for CMS)
  - Support decryption in Keychain private keys
  - Support for new sqlite based credential cache
- - Try both to KDC referals the the common DNS reverse lookup in GSS-API
+ - Try both KDC referals and the common DNS reverse lookup in GSS-API
- - Fix the KCM not not leak resources on failure
+ - Fix the KCM to not leak resources on failure
  - Add IPv6 support to iprop
  - Support localization of error strings in
    kinit/klist/kdestroy and Kerberos library

NTMakefile

@@ -0,0 +1,42 @@
+########################################################################
+#
+# Copyright (c) 2009, Secure Endpoints Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# - Redistributions of source code must retain the above copyright
+#   notice, this list of conditions and the following disclaimer.
+#
+# - Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in
+#   the documentation and/or other materials provided with the
+#   distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+#
+
+!if exist(thirdparty/NTMakefile)
+thirdparty=thirdparty
+!endif
+
+SUBDIRS = include lib\roken base lib kuser kdc admin kadmin kpasswd appl doc \
+	tools tests packages etc $(thirdparty) packages\windows\installer
+
+!include windows/NTMakefile.w32
+
+all::
+	@echo Build finished succesfully

README

@@ -1,12 +1,12 @@
 
 Heimdal is a Kerberos 5 implementation.
 
-Please see the manual in doc, by default installed in
+For information how to install see <http://www.h5l.org/compile.html>.
-/usr/heimdal/info/heimdal.info for information on how to install.
+
-There are also briefer man pages for most of the commands.
+There are briefer man pages for most of the commands.
 
 Bug reports and bugs are appreciated, see more under Bug reports in
-the manual on how we prefer them.
+the manual on how we prefer them: <heimdal-bugs@h5l.org>.
 
 For more information see the web-page at
 <http://www.h5l.org/> or the mailing lists:

README.fast

@@ -0,0 +1,17 @@
+
+-- in order of preference
+
+- client: support KRB5_PADATA_ENCRYPTED_CHALLENGE in lib/krb5/init_creds_pw.c
+- client: don't support ENC-TS in FAST
+
+- client: plugin support for fast plugins
+
+- kdc: plugin support for fast plugins
+	partly done with "struct kdc_patypes"
+
+- kcm: support FAST armor ticket
+-- using PK-INIT anonymous
+-- using host key
+
+- client: tgs-req fast support
+- kdc: tgs-req fast support

TODO

@@ -1,49 +1,30 @@
 -*- indented-text -*-
 
-$Id$
-
-* configure
-
-* appl
-
-** appl/popper
-
-* doc
-
-* kdc
-
-* kadmin
-
-* kpasswdd
-
-* lib
-
-** lib/asn1
-
-** lib/auth
-
-** lib/auth/sia
-
-** lib/com_err
-
-** lib/des
-
 ** lib/gssapi
 
 cache delegation credentials to avoid hitting the kdc ?  require time
 stampless tickets, and was supported in the recv'ing end with 0.6.1.
 
-** lib/hdb
+make iov work for arcfour
+
+make iov work for ntlm
+
+interop test
+
+make TYPE_STREAM work
 
 ** lib/kadm5
 
 add policies?
 
-fix to use rpc?
-
 ** lib/krb5
 
 verify_user: handle non-secure verification failing because of
 host->realm mapping
 
-** lib/roken
+* windows stuff
+
+-- drop all double negation #ifndef NO_
+-- got though windows specific ifdefs to minimized them
+-- switch to use heim-ipc for services, like the kadmin change notification socket
+-- Unify lib/krb5/expand_path_w32.c

TODO-iov

@@ -1,5 +0,0 @@
-
-make iov work for arcfour
-make iov work for ntlm
-interop test
-make TYPE_STREAM work

admin/Makefile.am

@@ -4,8 +4,6 @@ include $(top_srcdir)/Makefile.am.common
 
 AM_CPPFLAGS += $(INCLUDE_readline) $(INCLUDE_hcrypto)
 
-SLC = $(top_builddir)/lib/sl/slc
-
 man_MANS = ktutil.8
 
 sbin_PROGRAMS = ktutil
@@ -42,4 +40,4 @@ LDADD = \
 	$(LIB_readline) \
 	$(LIB_roken)
 
-EXTRA_DIST = $(man_MANS) ktutil-commands.in
+EXTRA_DIST = NTMakefile ktutil-version.rc $(man_MANS) ktutil-commands.in

admin/NTMakefile

@@ -0,0 +1,74 @@
+########################################################################
+#
+# Copyright (c) 2009, Secure Endpoints Inc.
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 
+# - Redistributions of source code must retain the above copyright
+#   notice, this list of conditions and the following disclaimer.
+# 
+# - Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in
+#   the documentation and/or other materials provided with the
+#   distribution.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# 
+
+RELDIR=admin 
+cincdirs=$(cincdirs) -I$(OBJ)
+!include ../windows/NTMakefile.w32 
+
+SBINPROGRAMS=$(SBINDIR)\ktutil.exe
+
+KTUTIL_OBJS= \
+	$(OBJ)\add.obj		\
+	$(OBJ)\change.obj	\
+	$(OBJ)\copy.obj		\
+	$(OBJ)\destroy.obj	\
+	$(OBJ)\get.obj		\
+	$(OBJ)\ktutil.obj	\
+	$(OBJ)\ktutil-commands.obj	\
+	$(OBJ)\list.obj		\
+	$(OBJ)\purge.obj	\
+	$(OBJ)\remove.obj	\
+	$(OBJ)\rename.obj
+
+KTUTIL_LIBS= \
+	$(LIBHEIMDAL)	\
+	$(LIBKADM5SRV)	\
+	$(LIBSL)	\
+	$(LIBROKEN)	\
+	$(LIBVERS)
+
+$(SBINDIR)\ktutil.exe: $(KTUTIL_OBJS) $(KTUTIL_LIBS) $(OBJ)\ktutil-version.res
+	$(EXECONLINK)
+	$(EXEPREP)
+
+$(OBJ)\ktutil-commands.c $(OBJ)\ktutil-commands.h: ktutil-commands.in
+	cd $(OBJ)
+	$(CP) $(SRCDIR)\ktutil-commands.in $(OBJ)
+	$(BINDIR)\slc.exe ktutil-commands.in
+	cd $(SRCDIR)
+
+INCFILES=\
+	$(OBJ)\ktutil-commands.h
+
+all:: $(INCFILES) $(SBINPROGRAMS)
+
+clean::
+	-$(RM) $(SBINPROGRAMS:.exe=.*)

admin/add.c

@@ -113,7 +113,7 @@ kt_add(struct add_options *opt, int argc, char **argv)
 		goto out;
 	    }
 
-	    if (hex_decode(opt->password_string, data, len) != len) {
+	    if ((size_t)hex_decode(opt->password_string, data, len) != len) {
 		free(data);
 		krb5_warn(context, ENOMEM, "hex decode failed");
 		goto out;

admin/get.c

@@ -90,7 +90,8 @@ kt_get(struct get_options *opt, int argc, char **argv)
     void *kadm_handle = NULL;
     krb5_enctype *etypes = NULL;
     size_t netypes = 0;
-    int i, j;
+    size_t i;
+    int a, j;
     unsigned int failed = 0;
 
     if((keytab = ktutil_open_keytab()) == NULL)
@@ -120,7 +121,7 @@ kt_get(struct get_options *opt, int argc, char **argv)
     }
 
 
-    for(i = 0; i < argc; i++){
+    for(a = 0; a < argc; a++){
 	krb5_principal princ_ent;
 	kadm5_principal_ent_rec princ;
 	int mask = 0;
@@ -129,9 +130,9 @@ kt_get(struct get_options *opt, int argc, char **argv)
 	int created = 0;
 	krb5_keytab_entry entry;
 
-	ret = krb5_parse_name(context, argv[i], &princ_ent);
+	ret = krb5_parse_name(context, argv[a], &princ_ent);
 	if (ret) {
-	    krb5_warn(context, ret, "can't parse principal %s", argv[i]);
+	    krb5_warn(context, ret, "can't parse principal %s", argv[a]);
 	    failed++;
 	    continue;
 	}
@@ -161,14 +162,14 @@ kt_get(struct get_options *opt, int argc, char **argv)
 	if(ret == 0)
 	    created = 1;
 	else if(ret != KADM5_DUP) {
-	    krb5_warn(context, ret, "kadm5_create_principal(%s)", argv[i]);
+	    krb5_warn(context, ret, "kadm5_create_principal(%s)", argv[a]);
 	    krb5_free_principal(context, princ_ent);
 	    failed++;
 	    continue;
 	}
 	ret = kadm5_randkey_principal(kadm_handle, princ_ent, &keys, &n_keys);
 	if (ret) {
-	    krb5_warn(context, ret, "kadm5_randkey_principal(%s)", argv[i]);
+	    krb5_warn(context, ret, "kadm5_randkey_principal(%s)", argv[a]);
 	    krb5_free_principal(context, princ_ent);
 	    failed++;
 	    continue;
@@ -177,7 +178,7 @@ kt_get(struct get_options *opt, int argc, char **argv)
 	ret = kadm5_get_principal(kadm_handle, princ_ent, &princ,
 			      KADM5_PRINCIPAL | KADM5_KVNO | KADM5_ATTRIBUTES);
 	if (ret) {
-	    krb5_warn(context, ret, "kadm5_get_principal(%s)", argv[i]);
+	    krb5_warn(context, ret, "kadm5_get_principal(%s)", argv[a]);
 	    for (j = 0; j < n_keys; j++)
 		krb5_free_keyblock_contents(context, &keys[j]);
 	    krb5_free_principal(context, princ_ent);
@@ -185,7 +186,7 @@ kt_get(struct get_options *opt, int argc, char **argv)
 	    continue;
 	}
 	if(!created && (princ.attributes & KRB5_KDB_DISALLOW_ALL_TIX))
-	    krb5_warnx(context, "%s: disallow-all-tix flag set - clearing", argv[i]);
+	    krb5_warnx(context, "%s: disallow-all-tix flag set - clearing", argv[a]);
 	princ.attributes &= (~KRB5_KDB_DISALLOW_ALL_TIX);
 	mask = KADM5_ATTRIBUTES;
 	if(created) {
@@ -194,7 +195,7 @@ kt_get(struct get_options *opt, int argc, char **argv)
 	}
 	ret = kadm5_modify_principal(kadm_handle, &princ, mask);
 	if (ret) {
-	    krb5_warn(context, ret, "kadm5_modify_principal(%s)", argv[i]);
+	    krb5_warn(context, ret, "kadm5_modify_principal(%s)", argv[a]);
 	    for (j = 0; j < n_keys; j++)
 		krb5_free_keyblock_contents(context, &keys[j]);
 	    krb5_free_principal(context, princ_ent);
@@ -205,7 +206,7 @@ kt_get(struct get_options *opt, int argc, char **argv)
 	    int do_add = TRUE;
 
 	    if (netypes) {
-		int k;
+		size_t k;
 
 		do_add = FALSE;
 		for (k = 0; k < netypes; ++k)

admin/ktutil-version.rc

@@ -0,0 +1,36 @@
+/***********************************************************************
+ * Copyright (c) 2010, Secure Endpoints Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * - Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ **********************************************************************/
+
+#define RC_FILE_TYPE VFT_APP
+#define RC_FILE_DESC_0409 "Kerberos Keytab Tool"
+#define RC_FILE_ORIG_0409 "ktutil.exe"
+
+#include "../windows/version.rc"

admin/ktutil.8

@@ -40,12 +40,12 @@
 .Sh SYNOPSIS
 .Nm
 .Oo Fl k Ar keytab \*(Ba Xo
-.Fl -keytab= Ns Ar keytab
+.Fl Fl keytab= Ns Ar keytab
 .Xc
 .Oc
-.Op Fl v | Fl -verbose
+.Op Fl v | Fl Fl verbose
-.Op Fl -version
+.Op Fl Fl version
-.Op Fl h | Fl -help
+.Op Fl h | Fl Fl help
 .Ar command
 .Op Ar args
 .Sh DESCRIPTION
@@ -53,72 +53,43 @@
 is a program for managing keytabs.
 Supported options:
 .Bl -tag -width Ds
-.It Xo
+.It Fl v , Fl Fl verbose
-.Fl v ,
-.Fl -verbose
-.Xc
 Verbose output.
 .El
 .Pp
 .Ar command
 can be one of the following:
 .Bl -tag -width srvconvert
-.It add Xo
+.It add Oo Fl p Ar principal Oc Oo Fl Fl principal= Ns Ar principal Oc \
-.Op Fl p Ar principal
+Oo Fl V Ar kvno Oc Oo Fl Fl kvno= Ns Ar kvno Oc Oo Fl e Ar enctype Oc \
-.Op Fl -principal= Ns Ar principal
+Oo Fl Fl enctype= Ns Ar enctype Oc Oo Fl w Ar password Oc \
-.Op Fl V Ar kvno
+Oo Fl Fl password= Ns Ar password Oc Oo Fl r Oc Oo Fl Fl random Oc \
-.Op Fl -kvno= Ns Ar kvno
+Oo Fl s Oc Oo Fl Fl no-salt Oc Oo Fl H Oc Op Fl Fl hex
-.Op Fl e Ar enctype
-.Op Fl -enctype= Ns Ar enctype
-.Op Fl w Ar password
-.Op Fl -password= Ns Ar password
-.Op Fl r
-.Op Fl -random
-.Op Fl s
-.Op Fl -no-salt
-.Op Fl H
-.Op Fl -hex
-.Xc
 Adds a key to the keytab. Options that are not specified will be
 prompted for. This requires that you know the password or the hex key of the
 principal to add; if what you really want is to add a new principal to
 the keytab, you should consider the
 .Ar get
 command, which talks to the kadmin server.
-.It change Xo
+.It change Oo Fl r Ar realm Oc Oo Fl Fl realm= Ns Ar realm Oc \
-.Op Fl r Ar realm
+Oo Fl Fl a Ar host Oc Oo Fl Fl admin-server= Ns Ar host Oc \
-.Op Fl -realm= Ns Ar realm
+Oo Fl Fl s Ar port Oc Op Fl Fl server-port= Ns Ar port
-.Op Fl -a Ar host
-.Op Fl -admin-server= Ns Ar host
-.Op Fl -s Ar port
-.Op Fl -server-port= Ns Ar port
-.Xc
 Update one or several keys to new versions.  By default, use the admin
 server for the realm of a keytab entry.  Otherwise it will use the
 values specified by the options.
 .Pp
 If no principals are given, all the ones in the keytab are updated.
-.It copy Xo
+.It copy Ar keytab-src Ar keytab-dest
-.Ar keytab-src
-.Ar keytab-dest
-.Xc
 Copies all the entries from
 .Ar keytab-src
 to
 .Ar keytab-dest .
-.It get Xo
+.It get Oo Fl p Ar admin principal Oc \
-.Op Fl p Ar admin principal
+Oo Fl Fl principal= Ns Ar admin principal Oc Oo Fl e Ar enctype Oc \
-.Op Fl -principal= Ns Ar admin principal
+Oo Fl Fl enctypes= Ns Ar enctype Oc Oo Fl r Ar realm Oc \
-.Op Fl e Ar enctype
+Oo Fl Fl realm= Ns Ar realm Oc Oo Fl a Ar admin server Oc \
-.Op Fl -enctypes= Ns Ar enctype
+Oo Fl Fl admin-server= Ns Ar admin server Oc Oo Fl s Ar server port Oc \
-.Op Fl r Ar realm
+Oo Fl Fl server-port= Ns Ar server port Oc Ar principal ...
-.Op Fl -realm= Ns Ar realm
-.Op Fl a Ar admin server
-.Op Fl -admin-server= Ns Ar admin server
-.Op Fl s Ar server port
-.Op Fl -server-port= Ns Ar server port
-.Ar principal ...
-.Xc
 For each
 .Ar principal ,
 generate a new key for it (creating it if it doesn't already exist),
@@ -128,69 +99,26 @@ If no
 .Ar realm
 is specified, the realm to operate on is taken from the first
 principal.
-.It list Xo
+.It list Oo Fl Fl keys Oc Op Fl Fl timestamp
-.Op Fl -keys
-.Op Fl -timestamp
-.Xc
 List the keys stored in the keytab.
-.It remove Xo
+.It remove Oo Fl p Ar principal Oc Oo Fl Fl principal= Ns Ar principal Oc \
-.Op Fl p Ar principal
+Oo Fl V kvno Oc Oo Fl Fl kvno= Ns Ar kvno Oc Oo Fl e enctype Oc \
-.Op Fl -principal= Ns Ar principal
+Oo Fl Fl enctype= Ns Ar enctype Oc
-.Op Fl V kvno
-.Op Fl -kvno= Ns Ar kvno
-.Op Fl e enctype
-.Op Fl -enctype= Ns Ar enctype
-.Xc
 Removes the specified key or keys. Not specifying a
 .Ar kvno
 removes keys with any version number. Not specifying an
 .Ar enctype
 removes keys of any type.
-.It rename Xo
+.It rename Ar from-principal Ar to-principal
-.Ar from-principal
-.Ar to-principal
-.Xc
 Renames all entries in the keytab that match the
 .Ar from-principal
 to
 .Ar to-principal .
-.It purge Xo
+.It purge Op Fl Fl age= Ns Ar age
-.Op Fl -age= Ns Ar age
-.Xc
 Removes all old versions of a key for which there is a newer version
 that is at least
 .Ar age
 (default one week) old.
-.It srvconvert
-.It srv2keytab Xo
-.Op Fl s Ar srvtab
-.Op Fl -srvtab= Ns Ar srvtab
-.Xc
-Converts the version 4 srvtab in
-.Ar srvtab
-to a version 5 keytab and stores it in
-.Ar keytab .
-Identical to:
-.Bd -ragged -offset indent
-.Li ktutil copy
-.Li krb4: Ns Ar srvtab
-.Ar keytab
-.Ed
-.It srvcreate
-.It key2srvtab Xo
-.Op Fl s Ar srvtab
-.Op Fl -srvtab= Ns Ar srvtab
-.Xc
-Converts the version 5 keytab in
-.Ar keytab
-to a version 4 srvtab and stores it in
-.Ar srvtab .
-Identical to:
-.Bd -ragged -offset indent
-.Li ktutil copy
-.Ar keytab
-.Li krb4: Ns Ar srvtab
-.Ed
 .El
 .Sh SEE ALSO
 .Xr kadmin 8

admin/ktutil.c

@@ -118,8 +118,11 @@ help(void *opt, int argc, char **argv)
 		     argv[0]);
 	} else {
 	    if(c->func) {
-		char *fake[] = { NULL, "--help", NULL };
+		char shelp[] = "--help";
+		char *fake[3];
 		fake[0] = argv[0];
+		fake[1] = shelp;
+		fake[2] = NULL;
 		(*c->func)(2, fake);
 		fprintf(stderr, "\n");
 	    }

admin/list.c

@@ -113,7 +113,7 @@ do_list(struct list_options *opt, const char *keytab_str)
 	    rtbl_add_column_entry_by_id(table, 3, buf);
 	}
 	if(opt->keys_flag) {
-	    int i;
+	    size_t i;
 	    s = malloc(2 * entry.keyblock.keyvalue.length + 1);
 	    if (s == NULL) {
 		krb5_warnx(context, "malloc failed");

appl/Makefile.am

@@ -10,6 +10,7 @@ dir_dce = dceutils
 endif
 SUBDIRS = 					\
 	  afsutil				\
+	  dbutils				\
 	  ftp					\
 	  login					\
 	  $(dir_otp)				\
@@ -25,3 +26,5 @@ SUBDIRS = 					\
 	  kx					\
 	  kf					\
 	  $(dir_dce)
+
+EXTRA_DIST = NTMakefile

appl/NTMakefile

@@ -0,0 +1,35 @@
+########################################################################
+#
+# Copyright (c) 2009, Secure Endpoints Inc.
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 
+# - Redistributions of source code must retain the above copyright
+#   notice, this list of conditions and the following disclaimer.
+# 
+# - Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in
+#   the documentation and/or other materials provided with the
+#   distribution.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# 
+
+RELDIR=appl 
+
+!include ../windows/NTMakefile.w32 
+

appl/afsutil/Makefile.am

@@ -2,8 +2,6 @@
 
 include $(top_srcdir)/Makefile.am.common
 
-AM_CPPFLAGS += $(INCLUDE_krb4)
-
 bin_PROGRAMS = afslog pagsh
 
 afslog_SOURCES = afslog.c
@@ -13,10 +11,9 @@ pagsh_SOURCES  = pagsh.c
 man_MANS = afslog.1 pagsh.1
 
 LDADD = $(LIB_kafs) \
-	$(LIB_krb4) \
 	$(top_builddir)/lib/krb5/libkrb5.la \
 	$(top_builddir)/lib/asn1/libasn1.la \
 	$(LIB_hcrypto) \
 	$(LIB_roken)
 
-EXTRA_DIST = $(man_MANS)
+EXTRA_DIST = NTMakefile $(man_MANS)

appl/afsutil/NTMakefile

@@ -0,0 +1,35 @@
+########################################################################
+#
+# Copyright (c) 2009, Secure Endpoints Inc.
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 
+# - Redistributions of source code must retain the above copyright
+#   notice, this list of conditions and the following disclaimer.
+# 
+# - Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in
+#   the documentation and/or other materials provided with the
+#   distribution.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# 
+
+RELDIR=appl\afsutil 
+
+!include ../../windows/NTMakefile.w32 
+

appl/afsutil/afslog.1

@@ -36,31 +36,30 @@
 .Os HEIMDAL
 .Sh NAME
 .Nm afslog
-.Nd
+.Nd obtain AFS tokens
-obtain AFS tokens
 .Sh SYNOPSIS
 .Nm
-.Op Fl h | Fl -help
+.Op Fl h | Fl Fl help
-.Op Fl -no-v4
+.Op Fl Fl no-v4
-.Op Fl -no-v5
+.Op Fl Fl no-v5
-.Op Fl u | Fl -unlog
+.Op Fl u | Fl Fl unlog
-.Op Fl v | Fl -verbose
+.Op Fl v | Fl Fl verbose
-.Op Fl -version
+.Op Fl Fl version
 .Oo Fl c Ar cell \*(Ba Xo
-.Fl -cell= Ns Ar cell
+.Fl Fl cell= Ns Ar cell
 .Xc
 .Oc
 .Oo Fl k Ar realm \*(Ba Xo
-.Fl -realm= Ns Ar realm
+.Fl Fl realm= Ns Ar realm
 .Xc
 .Oc
 .Oo Fl P Ar principal \*(Ba Xo
-.Fl -principal= Ns Ar principal
+.Fl Fl principal= Ns Ar principal
 .Xc
 .Oc
 .Bk -words
 .Oo Fl p Ar path \*(Ba Xo
-.Fl -file= Ns Ar path
+.Fl Fl file= Ns Ar path
 .Xc
 .Oc
 .Ek
@@ -77,51 +76,51 @@ decides upon.
 .Pp
 Supported options:
 .Bl -tag -width Ds
-.It Fl -no-v4
+.It Fl Fl no-v4
 This makes
 .Nm
 not try using Kerberos 4.
-.It Fl -no-v5
+.It Fl Fl no-v5
 This makes
 .Nm
 not try using Kerberos 5.
 .It Xo
 .Fl P Ar principal ,
-.Fl -principal Ar principal
+.Fl Fl principal Ar principal
 .Xc
 select what Kerberos 5 principal to use.
-.It Fl -cache Ar cache
+.It Fl Fl cache Ar cache
 select what Kerberos 5 credential cache to use.
-.Fl -principal
+.Fl Fl principal
 overrides this option.
 .It Xo
 .Fl u ,
-.Fl -unlog
+.Fl Fl unlog
 .Xc
 Destroy tokens instead of obtaining new. If this is specified, all
 other options are ignored (except for
-.Fl -help
+.Fl Fl help
 and
-.Fl -version ) .
+.Fl Fl version ) .
 .It Xo
 .Fl v ,
-.Fl -verbose
+.Fl Fl verbose
 .Xc
 Adds more verbosity for what is actually going on.
 .It Xo
 .Fl c Ar cell,
-.Fl -cell= Ns Ar cell
+.Fl Fl cell= Ns Ar cell
 .Xc
 This specified one or more cell names to get tokens for.
 .It Xo
 .Fl k Ar realm ,
-.Fl -realm= Ns Ar realm
+.Fl Fl realm= Ns Ar realm
 .Xc
 This is the Kerberos realm the AFS servers live in, this should
 normally not be specified.
 .It Xo
 .Fl p Ar path ,
-.Fl -file= Ns Ar path
+.Fl Fl file= Ns Ar path
 .Xc
 This specified one or more file paths for which tokens should be
 obtained.

appl/afsutil/afslog.c

@@ -180,9 +180,9 @@ afslog_file(const char *path)
 static int
 do_afslog(const char *cell)
 {
-    int k5ret, k4ret;
+    int k5ret;
 
-    k5ret = k4ret = 0;
+    k5ret = 0;
 
 #ifdef KRB5
     if(context != NULL && id != NULL && use_krb5) {
@@ -195,9 +195,9 @@ do_afslog(const char *cell)
 	cell = "<default cell>";
 #ifdef KRB5
     if (k5ret)
-	warnx("krb5_afslog(%s): %s", cell, krb5_get_err_text(context, k5ret));
+	krb5_warn(context, k5ret, "krb5_afslog(%s)", cell);
 #endif
-    if (k5ret || k4ret)
+    if (k5ret)
 	return 1;
     return 0;
 }

appl/afsutil/pagsh.1

@@ -36,44 +36,45 @@
 .Os Heimdal
 .Sh NAME
 .Nm pagsh
-.Nd
+.Nd creates a new credential cache sandbox
-creates a new credential cache sandbox
 .Sh SYNOPSIS
 .Nm
-.Op Fl c
+.Op Fl c Ar command-string
-.Op Fl h | Fl -help
+.Op Fl h | Fl Fl help
-.Op Fl -version
+.Op Fl Fl version
-.Op Fl -cache-type= Ns Ar string
+.Op Fl Fl cache-type= Ns Ar string
 .Ar command [args...]
 .Sh DESCRIPTION
 Supported options:
 .Bl -tag -width Ds
 .It Xo
-.Fl c
+.Fl c Ar command-string
+Executes command(s) contained in
+.Ar command-string .
 .Xc
 .It Xo
-.Fl -cache-type= Ns Ar string
+.Fl Fl cache-type= Ns Ar string
 .Xc
 .It Xo
 .Fl h ,
-.Fl -help
+.Fl Fl help
 .Xc
 .It Xo
-.Fl -version
+.Fl Fl version
 .Xc
 .El
 .Pp
 .Nm
 creates a new credential cache sandbox for the user to live in.
 If AFS is installed on the computer, the user is put in a newly
-created PAG.
+created Process Authentication Group (PAG).
 .Pp
 For Kerberos 5, the credential cache type that is used is the same as
 the credential cache type that was used at the time of
 .Nm
 invocation.
 The credential cache type can be controlled by the option
-.Fl -cache-type .
+.Fl Fl cache-type .
 .Sh EXAMPLES
 Create a new sandbox where new credentials can be used, while the old
 credentials can be used by other processes.
@@ -89,4 +90,5 @@ $ klist
 klist: No ticket file: /tmp/krb5cc_03014a
 .Ed
 .Sh SEE ALSO
-.Xr afslog 1
+.Xr afslog 1 ,
+.Xr kinit 1

appl/afsutil/pagsh.c

@@ -138,7 +138,7 @@ main(int argc, char **argv)
 	if (name == NULL)
 	    krb5_errx(context, 1, "Generated credential cache have no name");
 
-	snprintf(tf, sizeof(tf), "%s:%s", typename_arg, name);
+	snprintf(tf, sizeof(tf), "%s:%s", krb5_cc_get_type(context, id), name);
 
 	ret = krb5_cc_close(context, id);
 	if (ret)
@@ -169,6 +169,8 @@ main(int argc, char **argv)
 	path = getenv("SHELL");
 	if(path == NULL){
 	    struct passwd *pw = k_getpwuid(geteuid());
+	    if (pw == NULL)
+		errx(1, "no such user: %d", (int)geteuid());
 	    path = strdup(pw->pw_shell);
 	}
     } else {

appl/dbutils/Makefile.am

@@ -0,0 +1,13 @@
+# $Id$
+
+include $(top_srcdir)/Makefile.am.common
+
+bin_PROGRAMS = bsearch
+
+bsearch_SOURCES  = bsearch.c
+
+man_MANS = bsearch.1
+
+EXTRA_DIST = NTMakefile $(man_MANS)
+
+LDADD = $(LIB_roken) $(LIB_vers) $(LIB_heimbase)

appl/dbutils/NTMakefile

@@ -0,0 +1,35 @@
+########################################################################
+#
+# Copyright (c) 2009, Secure Endpoints Inc.
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 
+# - Redistributions of source code must retain the above copyright
+#   notice, this list of conditions and the following disclaimer.
+# 
+# - Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in
+#   the documentation and/or other materials provided with the
+#   distribution.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# 
+
+RELDIR=appl\dbutils 
+
+!include ../../windows/NTMakefile.w32 
+

appl/dbutils/bsearch.1

@@ -0,0 +1,114 @@
+.\"
+.\" Copyright (c) 2011, Secure Endpoints Inc.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" - Redistributions of source code must retain the above copyright
+.\"   notice, this list of conditions and the following disclaimer.
+.\"
+.\" - Redistributions in binary form must reproduce the above copyright
+.\"   notice, this list of conditions and the following disclaimer in
+.\"   the documentation and/or other materials provided with the
+.\"   distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+.\" "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+.\" FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+.\" COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+.\" INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+.\" (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+.\" SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd November 30, 2011
+.Dt BSEARCH 1
+.Os KTH-KRB
+.Sh NAME
+.Nm bsearch
+.Nd manages one-time passwords
+.Sh SYNOPSIS
+.Nm bsearch
+.Op Fl KVvh
+.Op Fl b Ar block-size
+.Op Fl m Ar max-cache-size
+.Ar file
+.Ar [key ...]
+.Sh DESCRIPTION
+The
+.Nm
+program performs binary searches of
+.Ar file
+which must be a sorted flat text file.
+.Pp
+Each line is a record.  Each record starts with a key
+that is optionally followed by whitespace and a value.
+Whitespace may be quoted with a backslash, but newline
+and carriage-return characters must be quoted in some
+other manner (e.g., as backslash-n and backslash-r).
+Escapes are not interpreted nor removed.
+.Pp
+If no key arguments are given on the comman-line, then
+keys will be read from standard input.
+.Pp
+By default only values are printed to standard output.
+Use the -K option to also print keys.  The exit status
+will be non-zero if any key lookups fail.
+.Pp
+Options are:
+.Bl -tag -width Ds
+.It Fl K
+Print keys.
+.It Fl V
+Don't print values.
+.It Fl h
+Print usage and exit.
+.It Fl v
+Print statistic and debug information to standard
+error.
+.Ar file
+A sorted flat text file.  NOTE: use the "C" locale for
+sorting this file, as in "LC_ALL=C sort -u -o file
+file".
+.It Fl h
+For getting a help message.
+.It Fl m
+Set
+.Ar max-cache-size
+as the maximum cache size.  If the
+.Ar file
+is smaller than this size then the whole file will be
+read into memory, else the program will read blocks.
+Defaults to 1MB.
+.It Fl b
+Set
+.Ar block-size
+as the block size for block-wise I/O.  This must be a
+power of 2, must be no smaller than 512 and no larger
+than 1MB.  Defaults to the
+.Ar file's
+filesystem's preferred blocksize.
+.El
+.Sh EXAMPLES
+.Bd -literal -offset indent
+$ env LC_ALL=C sort -o /tmp/words /usr/share/dict/words
+$ bsearch -Kv /tmp/words day
+Using whole-file method
+Key day found at offset 327695 in 12 loops and 0 reads
+day
+$ 
+.Sh NOTES
+.Pp
+Records must not be longer than one block's size.
+.Pp
+Flat text files must be sorted in the "C" locale.  In
+some systems the default locale may result in
+case-insensitive sorting by the sort command.
+.Sh SEE ALSO
+.Xr sort 1

appl/dbutils/bsearch.c

@@ -0,0 +1,205 @@
+/*
+ * Copyright (c) 2011, Secure Endpoints Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * - Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <strings.h>
+#include <errno.h>
+#include <roken.h>
+#include <heimbase.h>
+#include <getarg.h>
+#include <vers.h>
+
+int help_flag;
+int version_flag;
+int verbose_flag;
+int print_keys_flag;
+int no_values_flag;
+int block_size_int;
+int max_size_int;
+
+struct getargs args[] = {
+    { "print-keys",     'K',  arg_flag, &print_keys_flag,
+	"print keys", NULL },
+    { "no-values",      'V',  arg_flag, &no_values_flag,
+	"don't print values", NULL },
+    { "verbose",        'v',  arg_flag, &verbose_flag,
+	"print statistics and informative messages", NULL },
+    { "help",           'h',  arg_flag, &help_flag,
+	"print usage message", NULL },
+    { "block-size",     'b',  arg_integer, &block_size_int,
+	"block size", "integer" },
+    { "max-cache-size", 'm',  arg_integer, &max_size_int,
+	"maximum cache size", "integer" },
+    { "version",        '\0', arg_flag, &version_flag, NULL, NULL }
+};
+
+static int num_args = sizeof(args) / sizeof(args[0]);
+
+static void
+usage(int status)
+{
+    arg_printusage(args, num_args, NULL, "file [key ...]");
+    exit(status);
+}
+
+#define MAX_BLOCK_SIZE (1024 * 1024)
+#define DEFAULT_MAX_FILE_SIZE (1024 * 1024)
+
+int
+main(int argc, char **argv)
+{
+    char keybuf[1024];
+    char *fname;
+    char *key = keybuf;
+    char *value;
+    char *p;
+    bsearch_file_handle bfh = NULL;
+    size_t num;
+    size_t loc;           /* index where record is located or to be inserted */
+    size_t loops;         /* number of loops/comparisons needed for lookup */
+    size_t reads = 0;	  /* number of reads needed for a lookup */
+    size_t failures = 0;  /* number of lookup failures -- for exit status */
+    size_t block_size = 0;
+    size_t max_size = 0;
+    int optidx = 0;
+    int blockwise;
+    int ret = 0;
+
+    setprogname(argv[0]);
+    if (getarg(args, num_args, argc, argv, &optidx))
+	usage(1);
+
+    if (version_flag) {
+	print_version(NULL);
+	return 0;
+    }
+
+    if (help_flag)
+	usage(0);
+
+    if (block_size_int != 0 && block_size_int < 512) {
+	fprintf(stderr, "Invalid block size: too small\n");
+	return 1;
+    }
+    if (block_size_int > 0) {
+	/* Check that block_size is a power of 2 */
+	num = block_size_int;
+	while (num) {
+	    if ((num % 2) && (num >> 1)) {
+		fprintf(stderr, "Invalid block size: must be power "
+			"of two\n");
+		return 1;
+	    }
+	    num >>= 1;
+	}
+	if (block_size_int > MAX_BLOCK_SIZE)
+	    fprintf(stderr, "Invalid block size: too large\n");
+	block_size = block_size_int;
+    }
+    if (max_size_int < 0)
+	usage(1);
+    max_size = max_size_int;
+
+    argc -= optind;
+    argv += optind;
+
+    if (argc == 0)
+	usage(1);
+
+    fname = argv[0];
+    argc--;
+    argv++;
+
+    ret = __bsearch_file_open(fname, max_size, block_size, &bfh, &reads);
+    if (ret != 0) {
+	perror("bsearch_file_open");
+	return 1;
+    }
+
+    __bsearch_file_info(bfh, &block_size, &max_size, &blockwise);
+    if (verbose_flag && blockwise) {
+	fprintf(stderr, "Using block-wise method with block size %lu and "
+		"cache size %lu\n",
+		(long unsigned)block_size, (long unsigned)max_size);
+    } else if (verbose_flag) {
+	fprintf(stderr, "Using whole-file method\n");
+    }
+
+    for (;;) {
+	loops = 0; /* reset stats */
+	/* Eww */
+	if (argc) {
+	    key = *(argv++);
+	    if (!key)
+		break;
+	} else {
+	    if (!fgets(keybuf, sizeof (keybuf), stdin))
+		break;
+	    p = strchr(key, '\n');
+	    if (!p)
+		break;
+	    *p = '\0';
+	    if (!*key)
+		continue;
+	}
+	ret = __bsearch_file(bfh, key, &value, &loc, &loops, &reads);
+	if (ret != 0) {
+	    if (ret > 0) {
+		fprintf(stderr, "Error: %s\n", strerror(ret));
+		__bsearch_file_close(&bfh);
+		return 1;
+	    }
+	    if (verbose_flag)
+		fprintf(stderr, "Key %s not found in %lu loops and %lu reads; "
+			"insert at %lu\n", key, (long unsigned)loops,
+			(long unsigned)reads, (long unsigned)loc);
+	    failures++;
+	    continue;
+	}
+	if (verbose_flag)
+	    fprintf(stderr, "Key %s found at offset %lu in %lu loops and "
+		    "%lu reads\n", key, (long unsigned)loc,
+		    (long unsigned)loops, (long unsigned)reads);
+	if (print_keys_flag && !no_values_flag && value)
+	    printf("%s %s\n", key, value);
+	else if (print_keys_flag)
+	    printf("%s\n", key);
+	else if (no_values_flag && value)
+	    printf("%s\n", value);
+	free(value);
+    }
+    if (failures)
+	return 2;
+    __bsearch_file_close(&bfh);
+    return 0;
+}

appl/dceutils/Makefile.am

@@ -24,6 +24,7 @@ k5dcecon_SOURCES  = k5dcecon.c k5dce.h
 dpagaix_SOURCES = dpagaix.c
 
 EXTRA_DIST = \
+	NTMakefile \
 	dfspag.exp \
 	README.dcedfs \
 	README.original \

appl/dceutils/NTMakefile

@@ -0,0 +1,35 @@
+########################################################################
+#
+# Copyright (c) 2009, Secure Endpoints Inc.
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 
+# - Redistributions of source code must retain the above copyright
+#   notice, this list of conditions and the following disclaimer.
+# 
+# - Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in
+#   the documentation and/or other materials provided with the
+#   distribution.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# 
+
+RELDIR=appl\dceutils 
+
+!include ../../windows/NTMakefile.w32 
+

appl/dceutils/k5dce.h

@@ -55,7 +55,7 @@ typedef unsigned char   krb5_octet;
 typedef krb5_octet      krb5_boolean;
 typedef krb5short       krb5_keytype; /* in k5.2 it's a short */
 typedef krb5_int32      krb5_flags;
-typedef krb5_int32  krb5_timestamp;
+typedef krb5_int32  krb5_timestamp; /* is a time_t in krb5.h */
 
 typedef char * krb5_pointer;  /* pointer to unexposed data */
 

appl/ftp/Makefile.am

@@ -3,3 +3,5 @@
 include $(top_srcdir)/Makefile.am.common
 
 SUBDIRS = common ftp ftpd
+
+EXTRA_DIST = NTMakefile

appl/ftp/NTMakefile

@@ -0,0 +1,35 @@
+########################################################################
+#
+# Copyright (c) 2009, Secure Endpoints Inc.
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 
+# - Redistributions of source code must retain the above copyright
+#   notice, this list of conditions and the following disclaimer.
+# 
+# - Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in
+#   the documentation and/or other materials provided with the
+#   distribution.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# 
+
+RELDIR=appl\ftp 
+
+!include ../../windows/NTMakefile.w32 
+

appl/ftp/common/Makefile.am

@@ -2,11 +2,11 @@
 
 include $(top_srcdir)/Makefile.am.common
 
-AM_CPPFLAGS += $(INCLUDE_krb4) 
-
 noinst_LIBRARIES = libcommon.a
 
 libcommon_a_SOURCES = \
 	sockbuf.c \
 	buffer.c \
 	common.h
+
+EXTRA_DIST = NTMakefile

appl/ftp/common/NTMakefile

@@ -0,0 +1,35 @@
+########################################################################
+#
+# Copyright (c) 2009, Secure Endpoints Inc.
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 
+# - Redistributions of source code must retain the above copyright
+#   notice, this list of conditions and the following disclaimer.
+# 
+# - Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in
+#   the documentation and/or other materials provided with the
+#   distribution.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# 
+
+RELDIR=appl\ftp\common 
+
+!include ../../../windows/NTMakefile.w32 
+

appl/ftp/ftp/Makefile.am

@@ -41,4 +41,4 @@ LDADD = \
 	$(LIB_roken) \
 	$(LIB_readline)
 
-EXTRA_DIST = $(man_MANS)
+EXTRA_DIST = NTMakefile $(man_MANS)

appl/ftp/ftp/NTMakefile

@@ -0,0 +1,35 @@
+########################################################################
+#
+# Copyright (c) 2009, Secure Endpoints Inc.
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 
+# - Redistributions of source code must retain the above copyright
+#   notice, this list of conditions and the following disclaimer.
+# 
+# - Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in
+#   the documentation and/or other materials provided with the
+#   distribution.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# 
+
+RELDIR=appl\ftp\ftp 
+
+!include ../../../windows/NTMakefile.w32 
+

appl/ftp/ftp/cmds.c

@@ -1759,6 +1759,11 @@ setnmap(int argc, char **argv)
 	mapflag = 1;
 	code = 1;
 	cp = strchr(altarg, ' ');
+	if (cp == NULL) {
+		printf("Usage: %s missing space\n",argv[0]);
+		code = -1;
+		return;
+	}
 	if (proxy) {
 		while(*++cp == ' ')
 			continue;

appl/ftp/ftp/ftp.1

@@ -53,8 +53,8 @@ file transfer program
 .Op Fl t
 .Op Fl v
 .Op Fl x
-.Op Fl -no-gss-bindings
+.Op Fl Fl no-gss-bindings
-.Op Fl -no-gss-delegate
+.Op Fl Fl no-gss-delegate
 .Op Ar host
 .Sh DESCRIPTION
 .Nm
@@ -103,10 +103,10 @@ Turn on passive mode.
 Enables debugging.
 .It Fl g
 Disables file name globbing.
- .It Fl -no-gss-bindings
+ .It Fl Fl no-gss-bindings
 Don't use GSS-API bindings when talking to peer. IP addresses will not
 be checked to ensure they match.
-.It Fl -no-gss-delegate
+.It Fl Fl no-gss-delegate
 Disable delegation of GSSAPI credentials.
 .It Fl l
 Disables command line editing.

appl/ftp/ftp/ftp.c

@@ -678,7 +678,7 @@ sendrequest (char *cmd, char *local, char *remote, char *lmode, int printnames)
     char *rmode = "w";
 
     if (verbose && printnames) {
-	if (local && strcmp (local, "-") != 0)
+	if (strcmp (local, "-") != 0)
 	    printf ("local: %s ", local);
 	if (remote)
 	    printf ("remote: %s\n", remote);
@@ -909,7 +909,7 @@ recvrequest (char *cmd, char *local, char *remote,
 
     is_retr = strcmp (cmd, "RETR") == 0;
     if (is_retr && verbose && printnames) {
-	if (local && strcmp (local, "-") != 0)
+	if (strcmp (local, "-") != 0)
 	    printf ("local: %s ", local);
 	if (remote)
 	    printf ("remote: %s\n", remote);
@@ -936,7 +936,7 @@ recvrequest (char *cmd, char *local, char *remote,
 	return;
     }
     oldintr = signal (SIGINT, abortrecv);
-    if (!local_given || (strcmp (local, "-") && *local != '|')) {
+    if (!local_given || (strcmp(local, "-") && *local != '|')) {
 	if (access (local, 2) < 0) {
 	    char *dir = strrchr (local, '/');
 

appl/ftp/ftp/gssapi.c

@@ -45,9 +45,9 @@ RCSID("$Id$");
 int ftp_do_gss_bindings = 0;
 int ftp_do_gss_delegate = 1;
 
-struct gss_data {
+struct gssapi_data {
     gss_ctx_id_t context_hdl;
-    char *client_name;
+    gss_name_t client_name;
     gss_cred_id_t delegated_cred_handle;
     void *mech_data;
 };
@@ -55,7 +55,7 @@ struct gss_data {
 static int
 gss_init(void *app_data)
 {
-    struct gss_data *d = app_data;
+    struct gssapi_data *d = app_data;
     d->context_hdl = GSS_C_NO_CONTEXT;
     d->delegated_cred_handle = GSS_C_NO_CREDENTIAL;
 #if defined(FTP_SERVER)
@@ -85,7 +85,7 @@ gss_decode(void *app_data, void *buf, int len, int level)
     gss_buffer_desc input, output;
     gss_qop_t qop_state;
     int conf_state;
-    struct gss_data *d = app_data;
+    struct gssapi_data *d = app_data;
     size_t ret_len;
 
     input.length = len;
@@ -114,14 +114,15 @@ gss_overhead(void *app_data, int level, int len)
 static int
 gss_encode(void *app_data, void *from, int length, int level, void **to)
 {
-    OM_uint32 maj_stat, min_stat;
+    OM_uint32 min_stat;
     gss_buffer_desc input, output;
     int conf_state;
-    struct gss_data *d = app_data;
+    struct gssapi_data *d = app_data;
 
     input.length = length;
     input.value = from;
-    maj_stat = gss_wrap (&min_stat,
+    /* XXX We should really display the major status... */
+    (void) gss_wrap(&min_stat,
 		    d->context_hdl,
 		    level == prot_private,
 		    GSS_C_QOP_DEFAULT,
@@ -173,7 +174,7 @@ gss_adat(void *app_data, void *buf, size_t len)
     gss_buffer_desc input_token, output_token;
     OM_uint32 maj_stat, min_stat;
     gss_name_t client_name;
-    struct gss_data *d = app_data;
+    struct gssapi_data *d = app_data;
     gss_channel_bindings_t bindings;
 
     if (ftp_do_gss_bindings) {
@@ -219,32 +220,8 @@ gss_adat(void *app_data, void *buf, size_t len)
 	gss_release_buffer(&min_stat, &output_token);
     }
     if(maj_stat == GSS_S_COMPLETE){
-	char *name;
+	d->client_name = client_name;
-	gss_buffer_desc export_name;
+	client_name = GSS_C_NO_NAME;
-	gss_OID oid;
-
-	maj_stat = gss_display_name(&min_stat, client_name,
-				    &export_name, &oid);
-	if(maj_stat != 0) {
-	    reply(500, "Error displaying name");
-	    goto out;
-	}
-	/* XXX kerberos */
-	if(oid != GSS_KRB5_NT_PRINCIPAL_NAME) {
-	    reply(500, "OID not kerberos principal name");
-	    gss_release_buffer(&min_stat, &export_name);
-	    goto out;
-	}
-	name = malloc(export_name.length + 1);
-	if(name == NULL) {
-	    reply(500, "Out of memory");
-	    gss_release_buffer(&min_stat, &export_name);
-	    goto out;
-	}
-	memcpy(name, export_name.value, export_name.length);
-	name[export_name.length] = '\0';
-	gss_release_buffer(&min_stat, &export_name);
-	d->client_name = name;
 	if(p)
 	    reply(235, "ADAT=%s", p);
 	else
@@ -272,19 +249,19 @@ gss_adat(void *app_data, void *buf, size_t len)
 	gss_release_buffer(&new_stat, &status_string);
 	reply(431, "Security resource unavailable");
     }
-  out:
+
     if (client_name)
 	gss_release_name(&min_stat, &client_name);
     free(p);
     return 0;
 }
 
-int gss_userok(void*, char*);
+int gssapi_userok(void*, char*);
-int gss_session(void*, char*);
+int gssapi_session(void*, char*);
 
 struct sec_server_mech gss_server_mech = {
     "GSSAPI",
-    sizeof(struct gss_data),
+    sizeof(struct gssapi_data),
     gss_init, /* init */
     NULL, /* end */
     gss_check_prot,
@@ -296,8 +273,8 @@ struct sec_server_mech gss_server_mech = {
     gss_adat,
     NULL, /* pbsz */
     NULL, /* ccc */
-    gss_userok,
+    gssapi_userok,
-    gss_session
+    gssapi_session
 };
 
 #else /* FTP_SERVER */
@@ -357,7 +334,7 @@ gss_auth(void *app_data, char *host)
     char *p;
     int n;
     gss_channel_bindings_t bindings;
-    struct gss_data *d = app_data;
+    struct gssapi_data *d = app_data;
     OM_uint32 mech_flags = GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG;
 
     const char *knames[] = { "ftp", "host", NULL }, **kname = knames;
@@ -522,7 +499,7 @@ gss_auth(void *app_data, char *host)
 
 struct sec_client_mech gss_client_mech = {
     "GSSAPI",
-    sizeof(struct gss_data),
+    sizeof(struct gssapi_data),
     gss_init,
     gss_auth,
     NULL, /* end */

appl/ftp/ftp/main.c

@@ -555,10 +555,9 @@ help(int argc, char **argv)
 		for (i = 0; i < lines; i++) {
 			for (j = 0; j < columns; j++) {
 				c = cmdtab + j * lines + i;
-				if (c->c_name && (!proxy || c->c_proxy)) {
+				if ((!proxy || c->c_proxy)) {
 					printf("%s", c->c_name);
-				}
+				} else {
-				else if (c->c_name) {
 					for (k=0; k < strlen(c->c_name); k++) {
 						putchar(' ');
 					}

appl/ftp/ftp/security.c

@@ -81,7 +81,7 @@ name_to_level(const char *name)
     for(i = 0; i < sizeof(level_names) / sizeof(level_names[0]); i++)
 	if(!strncasecmp(level_names[i].name, name, strlen(name)))
 	    return level_names[i].level;
-    return (enum protection_level)-1;
+    return prot_invalid;
 }
 #endif
 
@@ -550,14 +550,20 @@ void mec(char *msg, enum protection_level level)
     }
     buf_size = strlen(msg) + 2;
     buf = malloc(buf_size);
+    if (buf == NULL) {
+	reply(501, "Failed to allocate %lu", (unsigned long)buf_size);
+	return;
+    }
     len = base64_decode(msg, buf);
     command_prot = level;
     if(len == (size_t)-1) {
+	free(buf);
 	reply(501, "Failed to base64-decode command");
 	return;
     }
     len = (*mech->decode)(app_data, buf, len, level);
     if(len == (size_t)-1) {
+	free(buf);
 	reply(535, "Failed to decode command");
 	return;
     }
@@ -677,7 +683,7 @@ set_command_prot(enum protection_level level)
 	ret = command("CCC");
 	if(ret != COMPLETE) {
 	    printf("Failed to clear command channel.\n");
-	    return -1;
+	    return prot_invalid;
 	}
     }
     command_prot = level;

appl/ftp/ftp/security.h

@@ -37,10 +37,11 @@
 #define __security_h__
 
 enum protection_level {
-    prot_clear,
+    prot_invalid = -1,
-    prot_safe,
+    prot_clear = 0,
-    prot_confidential,
+    prot_safe = 1,
-    prot_private
+    prot_confidential = 2,
+    prot_private = 3
 };
 
 struct sec_client_mech {

appl/ftp/ftpd/Makefile.am

@@ -2,7 +2,7 @@
 
 include $(top_srcdir)/Makefile.am.common
 
-AM_CPPFLAGS += -I$(srcdir)/../common $(INCLUDE_krb4) -DFTP_SERVER
+AM_CPPFLAGS += -I$(srcdir)/../common -DFTP_SERVER
 
 libexec_PROGRAMS = ftpd
 
@@ -24,7 +24,6 @@ ftpd_SOURCES =		\
 	security.c	\
 	kauth.c		\
 	klist.c		\
-	$(krb4_sources) \
 	$(krb5_sources)
 
 EXTRA_ftpd_SOURCES = kauth.c gssapi.c gss_userok.c
@@ -47,8 +46,7 @@ LDADD = ../common/libcommon.a \
 	$(LIB_gssapi) \
 	$(LIB_krb5) \
 	$(LIB_kafs) \
-	$(LIB_krb4) \
 	$(LIB_hcrypto) \
 	$(LIB_roken)
 
-EXTRA_DIST = $(man_MANS)
+EXTRA_DIST = NTMakefile $(man_MANS)

appl/ftp/ftpd/NTMakefile

@@ -0,0 +1,35 @@
+########################################################################
+#
+# Copyright (c) 2009, Secure Endpoints Inc.
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 
+# - Redistributions of source code must retain the above copyright
+#   notice, this list of conditions and the following disclaimer.
+# 
+# - Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in
+#   the documentation and/or other materials provided with the
+#   distribution.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# 
+
+RELDIR=appl\ftp\ftpd 
+
+!include ../../../windows/NTMakefile.w32 
+

appl/ftp/ftpd/ftpcmd.y

@@ -155,11 +155,11 @@ cmd
 		{
 		    if ($5) {
 			if (paranoid &&
-			    (data_dest->sa_family != AF_INET ||
+			    (data_dest->sa_family != his_addr->sa_family ||
-			     (ntohs(data_dest->sin_port) < IPPORT_RESERVED) ||
+			     (socket_get_port(data_dest) < IPPORT_RESERVED) ||
-			     memcmp(data_dest->sin_addr,
+			     memcmp(socket_get_address(data_dest),
-				    &his_addr->sin_addr,
+				    socket_get_address(his_addr),
-				    sizeof(data_dest.sin_addr)) != 0)) {
+				    socket_addr_size(his_addr)) != 0)) {
 			    usedefault = 1;
 			    reply(500, "Illegal PORT range rejected.");
 			} else {

appl/ftp/ftpd/ftpd.8

@@ -47,11 +47,11 @@
 .Op Fl p Ar port
 .Op Fl T Ar maxtimeout
 .Op Fl t Ar timeout
-.Op Fl -gss-bindings
+.Op Fl Fl gss-bindings
-.Op Fl I | Fl -no-insecure-oob
+.Op Fl I | Fl Fl no-insecure-oob
 .Op Fl u Ar default umask
-.Op Fl B | Fl -builtin-ls
+.Op Fl B | Fl Fl builtin-ls
-.Op Fl -good-chars= Ns Ar string
+.Op Fl Fl good-chars= Ns Ar string
 .Sh DESCRIPTION
 .Nm Ftpd
 is the
@@ -101,7 +101,7 @@ Debugging information is written to the syslog using LOG_FTP.
 .It Fl g
 Anonymous users will get a umask of
 .Ar umask .
-.It Fl -gss-bindings
+.It Fl Fl gss-bindings
 require the peer to use GSS-API bindings (ie make sure IP addresses match).
 .It Fl i
 Open a socket and wait for a connection. This is mainly used for
@@ -144,16 +144,16 @@ revert to the old behavior.
 Verbose mode.
 .It Xo
 .Fl B ,
-.Fl -builtin-ls
+.Fl Fl builtin-ls
 .Xc
 use built-in ls to list files
 .It Xo
-.Fl -good-chars= Ns Ar string
+.Fl Fl good-chars= Ns Ar string
 .Xc
 allowed anonymous upload filename chars
 .It Xo
 .Fl I
-.Fl -no-insecure-oob
+.Fl Fl no-insecure-oob
 .Xc
 don't allow insecure out of band.
 Heimdal ftp clients before 0.6.3 doesn't support secure oob, so turning

appl/ftp/ftpd/ftpd.c

@@ -329,7 +329,7 @@ main(int argc, char **argv)
 #endif
 
     if(interactive_flag)
-	mini_inetd (port);
+	mini_inetd(port, NULL);
 
     /*
      * LOG_NDELAY sets up the logging connection immediately,
@@ -346,14 +346,9 @@ main(int argc, char **argv)
 	syslog(LOG_ERR, "getsockname (%s): %m",argv[0]);
 	exit(1);
     }
-#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT)
+#if defined(IP_TOS)
-    {
+    if (ctrl_addr->sa_family == AF_INET)
-	int tos = IPTOS_LOWDELAY;
+	socket_set_tos(STDIN_FILENO, IP_TOS);
-
-	if (setsockopt(STDIN_FILENO, IPPROTO_IP, IP_TOS,
-		       (void *)&tos, sizeof(int)) < 0)
-	    syslog(LOG_WARNING, "setsockopt (IP_TOS): %m");
-    }
 #endif
     data_source->sa_family = ctrl_addr->sa_family;
     socket_set_port (data_source,
@@ -1111,10 +1106,14 @@ do_store(char *name, char *mode, int unique)
 
 	if(guest && filename_check(name))
 	    return;
-	if (unique && stat(name, &st) == 0 &&
+	if (unique) {
-	    (name = gunique(name)) == NULL) {
+	    char *uname;
-		LOGCMD(*mode == 'w' ? "put" : "append", name);
+	    if (stat(name, &st) == 0) {
+		if ((uname = gunique(name)) == NULL)
 		    return;
+		name = uname;
+	    }
+	    LOGCMD(*mode == 'w' ? "put" : "append", name);
 	}
 
 	if (restart_point)
@@ -1272,13 +1271,9 @@ dataconn(const char *name, off_t size, const char *mode)
 		}
 		close(pdata);
 		pdata = s;
-#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT)
+#if defined(IPTOS_THROUGHPUT)
-		{
+		if (from->sa_family == AF_INET)
-		    int tos = IPTOS_THROUGHPUT;
+		    socket_set_tos(s, IPTOS_THROUGHPUT);
-		
-		    setsockopt(s, IPPROTO_IP, IP_TOS, (void *)&tos,
-			       sizeof(tos));
-		}
 #endif
 		reply(150, "Opening %s mode data connection for '%s'%s.",
 		     type == TYPE_A ? "ASCII" : "BINARY", name, sizebuf);

appl/ftp/ftpd/gss_userok.c

@@ -33,122 +33,43 @@
 
 #include "ftpd_locl.h"
 #include <gssapi/gssapi.h>
-#include <gssapi/gssapi_krb5.h>
-#include <krb5.h>
-
-/* XXX a bit too much of krb5 dependency here...
-   What is the correct way to do this?
-   */
-
-struct gss_krb5_data {
-    krb5_context context;
-};
 
 /* XXX sync with gssapi.c */
-struct gss_data {
+struct gssapi_data {
     gss_ctx_id_t context_hdl;
-    char *client_name;
+    gss_name_t client_name;
     gss_cred_id_t delegated_cred_handle;
     void *mech_data;
 };
 
-int gss_userok(void*, char*); /* to keep gcc happy */
+int gssapi_userok(void*, char*); /* to keep gcc happy */
-int gss_session(void*, char*); /* to keep gcc happy */
+int gssapi_session(void*, char*); /* to keep gcc happy */
 
 int
-gss_userok(void *app_data, char *username)
+gssapi_userok(void *app_data, char *username)
 {
-    struct gss_data *data = app_data;
+    struct gssapi_data *data = app_data;
-    krb5_error_code ret;
-    krb5_principal client;
-    struct gss_krb5_data *kdata;
 
-    kdata = calloc(1, sizeof(struct gss_krb5_data));
+    /* Yes, this logic really is inverted. */
-    if (kdata == NULL)
+    return !gss_userok(data->client_name, username);
-	return 1;
-    data->mech_data = kdata;
-
-    ret = krb5_init_context(&(kdata->context));
-    if (ret) {
-	free(kdata);
-	return 1;
-    }
-
-    ret = krb5_parse_name(kdata->context, data->client_name, &client);
-    if(ret) {
-	krb5_free_context(kdata->context);
-	free(kdata);
-	return 1;
-    }
-    ret = krb5_kuserok(kdata->context, client, username);
-    if (!ret) {
-	krb5_free_principal(kdata->context, client);
-	krb5_free_context(kdata->context);
-	free(kdata);
-	return 1;
-    }
-
-    ret = 0;
-    krb5_free_principal(kdata->context, client);
-    return ret;
 }
 
 int
-gss_session(void *app_data, char *username)
+gssapi_session(void *app_data, char *username)
 {
-    struct gss_data *data = app_data;
+    struct gssapi_data *data = app_data;
-    krb5_error_code ret;
+    OM_uint32 major, minor;
-    OM_uint32 minor_status;
+    int ret = 0;
-    struct gss_krb5_data *kdata;
 
-    ret = 0;
-
-    kdata = (struct gss_krb5_data *)(data->mech_data);
-
-    /* more of krb-depend stuff :-( */
-    /* gss_add_cred() ? */
     if (data->delegated_cred_handle != GSS_C_NO_CREDENTIAL) {
-	krb5_ccache ccache = NULL;
+        major = gss_store_cred(&minor, data->delegated_cred_handle,
-	const char* ticketfile;
+                               GSS_C_INITIATE, GSS_C_NO_OID,
-	struct passwd *kpw;
+                               1, 1, NULL, NULL);
-
+        if (GSS_ERROR(major))
-	ret = krb5_cc_new_unique(kdata->context, NULL, NULL, &ccache);
-	if (ret)
-	    goto fail;
-	
-	ticketfile = krb5_cc_get_name(kdata->context, ccache);
-
-	ret = gss_krb5_copy_ccache(&minor_status,
-				   data->delegated_cred_handle,
-				   ccache);
-	if (ret) {
-	    ret = 0;
-	    goto fail;
-	}
-
-	do_destroy_tickets = 1;
-
-	kpw = getpwnam(username);
-
-	if (kpw == NULL) {
-	    unlink(ticketfile);
             ret = 1;
-	    goto fail;
-	}
-
-	chown (ticketfile, kpw->pw_uid, kpw->pw_gid);
-
-	if (asprintf(&k5ccname, "FILE:%s", ticketfile) != -1) {
-	    esetenv ("KRB5CCNAME", k5ccname, 1);
-	}
 	afslog(NULL, 1);
-    fail:
-	if (ccache)
-	    krb5_cc_close(kdata->context, ccache);
     }
 
-    gss_release_cred(&minor_status, &data->delegated_cred_handle);
+    gss_release_cred(&minor, &data->delegated_cred_handle);
-    krb5_free_context(kdata->context);
-    free(kdata);
     return ret;
 }

appl/ftp/ftpd/logwtmp.c

@@ -64,6 +64,7 @@ RCSID("$Id$");
 #include <roken.h>
 #include "extern.h"
 
+#ifndef HAVE_UTMPX_H
 #ifndef WTMP_FILE
 #ifdef _PATH_WTMP
 #define WTMP_FILE _PATH_WTMP
@@ -71,6 +72,7 @@ RCSID("$Id$");
 #define WTMP_FILE "/var/adm/wtmp"
 #endif
 #endif
+#endif
 
 #ifdef HAVE_ASL_H
 
@@ -109,11 +111,17 @@ ftpd_logwtmp_wtmp(char *line, char *name, char *host)
 #ifdef WTMPX_FILE
     static int fdx;
 #endif
+#ifdef HAVE_UTMP_H
     struct utmp ut;
-#ifdef WTMPX_FILE
+#endif
+#if defined(WTMPX_FILE) || defined(HAVE_UTMPX_H)
     struct utmpx utx;
 #endif
 
+#ifdef HAVE_UTMPX_H
+    memset(&utx, 0, sizeof(struct utmpx));
+#endif
+#ifdef HAVE_UTMP_H
     memset(&ut, 0, sizeof(struct utmp));
 #ifdef HAVE_STRUCT_UTMP_UT_TYPE
     if(name[0])
@@ -130,8 +138,9 @@ ftpd_logwtmp_wtmp(char *line, char *name, char *host)
     strncpy(ut.ut_host, host, sizeof(ut.ut_host));
 #endif
     ut.ut_time = time(NULL);
+#endif
 
-#ifdef WTMPX_FILE
+#if defined(WTMPX_FILE) || defined(HAVE_UTMPX_H)
     strncpy(utx.ut_line, line, sizeof(utx.ut_line));
     strncpy(utx.ut_user, name, sizeof(utx.ut_user));
     strncpy(utx.ut_host, host, sizeof(utx.ut_host));
@@ -154,15 +163,23 @@ ftpd_logwtmp_wtmp(char *line, char *name, char *host)
 	utx.ut_type = DEAD_PROCESS;
 #endif
 
+#ifdef HAVE_UTMPX_H
+    pututxline(&utx);
+#endif
+
     if(!init){
+#ifdef WTMP_FILE
 	fd = open(WTMP_FILE, O_WRONLY|O_APPEND, 0);
+#endif
 #ifdef WTMPX_FILE
 	fdx = open(WTMPX_FILE, O_WRONLY|O_APPEND, 0);
 #endif
 	init = 1;
     }
     if(fd >= 0) {
+#ifdef WTMP_FILE
 	write(fd, &ut, sizeof(struct utmp)); /* XXX */
+#endif
 #ifdef WTMPX_FILE
 	write(fdx, &utx, sizeof(struct utmpx));
 #endif

appl/gssmask/Makefile.am

@@ -8,5 +8,6 @@ gssmask_SOURCES = gssmask.c common.c common.h protocol.h
 
 gssmaestro_SOURCES = gssmaestro.c common.c common.h protocol.h
 
-LDADD = $(top_builddir)/lib/gssapi/libgssapi.la $(LIB_roken)
+LDADD = $(top_builddir)/lib/gssapi/libgssapi.la $(LIB_roken) $(top_builddir)/lib/krb5/libkrb5.la
 
+EXTRA_DIST = NTMakefile

appl/gssmask/NTMakefile

@@ -0,0 +1,35 @@
+########################################################################
+#
+# Copyright (c) 2009, Secure Endpoints Inc.
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 
+# - Redistributions of source code must retain the above copyright
+#   notice, this list of conditions and the following disclaimer.
+# 
+# - Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in
+#   the documentation and/or other materials provided with the
+#   distribution.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# 
+
+RELDIR=appl\gssmask 
+
+!include ../../windows/NTMakefile.w32 
+

appl/gssmask/gssmask.c

@@ -427,7 +427,6 @@ HandleOP(AcceptContext)
     gss_ctx_id_t ctx;
     gss_cred_id_t deleg_cred = GSS_C_NO_CREDENTIAL;
     gss_buffer_desc input_token, output_token;
-    gss_buffer_t input_token_ptr = GSS_C_NO_BUFFER;
 
     ret32(c, hContext);
     ret32(c, flags);
@@ -440,7 +439,6 @@ HandleOP(AcceptContext)
     if (in_token.length) {
 	input_token.length = in_token.length;
 	input_token.value = in_token.data;
-	input_token_ptr = &input_token;
     } else {
 	input_token.length = 0;
 	input_token.value = NULL;
@@ -848,22 +846,12 @@ HandleOP(CallExtension)
     errx(1, "CallExtension");
 }
 
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_pk_enterprise_cert (
-	krb5_context /*context*/,
-	const char */*user_id*/,
-	krb5_const_realm /*realm*/,
-	krb5_principal */*principal*/);
-
-
 static int
 HandleOP(AcquirePKInitCreds)
 {
-    krb5_error_code ret;
     int32_t flags;
     krb5_data pfxdata;
     char fn[] = "FILE:/tmp/pkcs12-creds-XXXXXXX";
-    const char *default_realm = "H5L.ORG";
     krb5_principal principal = NULL;
     int fd;
 
@@ -878,13 +866,6 @@ HandleOP(AcquirePKInitCreds)
     krb5_data_free(&pfxdata);
     close(fd);
 
-    /* get credentials */
-
-    ret = _krb5_pk_enterprise_cert(context, fn, default_realm, &principal);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_pk_enterprise_certs");
-
-
     if (principal)
 	krb5_free_principal(context, principal);
 
@@ -1252,7 +1233,7 @@ main(int argc, char **argv)
 	    err(1, "error opening %s", lf);
     }
 
-    mini_inetd(htons(port));
+    mini_inetd(htons(port), NULL);
     fprintf(logfile, "connected\n");
 
     {

appl/kf/Makefile.am

@@ -17,4 +17,4 @@ LDADD = $(top_builddir)/lib/krb5/libkrb5.la \
 	$(top_builddir)/lib/asn1/libasn1.la \
 	$(LIB_roken)
 
-EXTRA_DIST = $(man_MANS)
+EXTRA_DIST = NTMakefile $(man_MANS)

appl/kf/NTMakefile

@@ -0,0 +1,35 @@
+########################################################################
+#
+# Copyright (c) 2009, Secure Endpoints Inc.
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 
+# - Redistributions of source code must retain the above copyright
+#   notice, this list of conditions and the following disclaimer.
+# 
+# - Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in
+#   the documentation and/or other materials provided with the
+#   distribution.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# 
+
+RELDIR=appl\kf 
+
+!include ../../windows/NTMakefile.w32 
+

appl/kf/kf.1

@@ -41,20 +41,20 @@
 .Nm
 .Oo
 .Fl p Ar port |
-.Fl -port Ns = Ns Ar port
+.Fl Fl port Ns = Ns Ar port
 .Oc
 .Oo
 .Fl l Ar login |
-.Fl -login Ns = Ns Ar login
+.Fl Fl login Ns = Ns Ar login
 .Oc
 .Oo
 .Fl c Ar ccache |
-.Fl -ccache Ns = Ns Ar ccache
+.Fl Fl ccache Ns = Ns Ar ccache
 .Oc
 .Op Fl F | -forwardable
 .Op Fl G | -no-forwardable
 .Op Fl h | -help
-.Op Fl -version
+.Op Fl Fl version
 .Ar host ...
 .Sh DESCRIPTION
 The
@@ -65,17 +65,17 @@ Options supported are:
 .Bl -tag -width indent
 .It Xo
 .Fl p Ar port ,
-.Fl -port Ns = Ns Ar port
+.Fl Fl port Ns = Ns Ar port
 .Xc
 port to connect to
 .It Xo
 .Fl l Ar login ,
-.Fl -login Ns = Ns Ar login
+.Fl Fl login Ns = Ns Ar login
 .Xc
 remote login name
 .It Xo
 .Fl c Ar ccache ,
-.Fl -ccache Ns = Ns Ar ccache
+.Fl Fl ccache Ns = Ns Ar ccache
 .Xc
 remote cred cache
 .It Fl F , -forwardable
@@ -83,7 +83,7 @@ forward forwardable credentials
 .It Fl G , -no-forwardable
 do not forward forwardable credentials
 .It Fl h , -help
-.It Fl -version
+.It Fl Fl version
 .El
 .Pp
 .Nm
@@ -94,7 +94,7 @@ In order for
 .Nm
 to work you will need to acquire your initial ticket with forwardable
 flag, i.e.
-.Nm kinit Fl -forwardable .
+.Nm kinit Fl Fl forwardable .
 .Pp
 .Nm telnet
 is able to forward tickets by itself.

appl/kf/kf.c

@@ -146,6 +146,7 @@ proto (int sock, const char *hostname, const char *service,
 					     auth_context,
 					     &sock);
     if (status) {
+	krb5_auth_con_free(context, auth_context);
 	krb5_warn (context, status, "krb5_auth_con_setaddr");
 	return 1;
     }
@@ -156,6 +157,7 @@ proto (int sock, const char *hostname, const char *service,
 				      KRB5_NT_SRV_HST,
 				      &server);
     if (status) {
+	krb5_auth_con_free(context, auth_context);
 	krb5_warn (context, status, "krb5_sname_to_principal");
 	return 1;
     }
@@ -174,6 +176,7 @@ proto (int sock, const char *hostname, const char *service,
 			    NULL,
 			    NULL);
     if (status) {
+	krb5_auth_con_free(context, auth_context);
 	krb5_warn(context, status, "krb5_sendauth");
 	return 1;
     }
@@ -185,6 +188,7 @@ proto (int sock, const char *hostname, const char *service,
     data_send.length = strlen(remote_name) + 1;
     status = krb5_write_priv_message(context, auth_context, &sock, &data_send);
     if (status) {
+	krb5_auth_con_free(context, auth_context);
 	krb5_warn (context, status, "krb5_write_message");
 	return 1;
     }
@@ -192,6 +196,7 @@ proto (int sock, const char *hostname, const char *service,
     data_send.length = strlen(ccache_name)+1;
     status = krb5_write_priv_message(context, auth_context, &sock, &data_send);
     if (status) {
+	krb5_auth_con_free(context, auth_context);
 	krb5_warn (context, status, "krb5_write_message");
 	return 1;
     }
@@ -200,12 +205,14 @@ proto (int sock, const char *hostname, const char *service,
 
     status = krb5_cc_default (context, &ccache);
     if (status) {
+	krb5_auth_con_free(context, auth_context);
 	krb5_warn (context, status, "krb5_cc_default");
 	return 1;
     }
 
     status = krb5_cc_get_principal (context, ccache, &principal);
     if (status) {
+	krb5_auth_con_free(context, auth_context);
 	krb5_warn (context, status, "krb5_cc_get_principal");
 	return 1;
     }
@@ -220,6 +227,7 @@ proto (int sock, const char *hostname, const char *service,
 				  NULL);
 
     if (status) {
+	krb5_auth_con_free(context, auth_context);
 	krb5_warn (context, status, "krb5_make_principal");
 	return 1;
     }
@@ -238,6 +246,7 @@ proto (int sock, const char *hostname, const char *service,
 				       &creds,
 				       &data);
     if (status) {
+	krb5_auth_con_free(context, auth_context);
 	krb5_warn (context, status, "krb5_get_forwarded_creds");
 	return 1;
     }
@@ -245,6 +254,7 @@ proto (int sock, const char *hostname, const char *service,
     status = krb5_write_priv_message(context, auth_context, &sock, &data);
 
     if (status) {
+	krb5_auth_con_free(context, auth_context);
 	krb5_warn (context, status, "krb5_mk_priv");
 	return 1;
     }
@@ -252,6 +262,7 @@ proto (int sock, const char *hostname, const char *service,
     krb5_data_free (&data);
 
     status = krb5_read_priv_message(context, auth_context, &sock, &data);
+    krb5_auth_con_free(context, auth_context);
     if (status) {
 	krb5_warn (context, status, "krb5_mk_priv");
 	return 1;

appl/kf/kfd.8

@@ -41,15 +41,15 @@
 .Nm
 .Oo
 .Fl p Ar port |
-.Fl -port Ns = Ns Ar port
+.Fl Fl port Ns = Ns Ar port
 .Oc
 .Op Fl i | -inetd
 .Oo
 .Fl R Ar regpag |
-.Fl -regpag Ns = Ns Ar regpag
+.Fl Fl regpag Ns = Ns Ar regpag
 .Oc
 .Op Fl h | -help
-.Op Fl -version
+.Op Fl Fl version
 .Sh DESCRIPTION
 This is the daemon for
 .Xr kf 1 .
@@ -57,14 +57,14 @@ Supported options:
 .Bl -tag -width indent
 .It Xo
 .Fl p Ar port ,
-.Fl -port Ns = Ns Ar port
+.Fl Fl port Ns = Ns Ar port
 .Xc
 port to listen to
 .It Fl i , -inetd
 not started from inetd
 .It Xo
 .Fl R Ar regpag ,
-.Fl -regpag= Ns Ar regpag
+.Fl Fl regpag= Ns Ar regpag
 .Xc
 path to regpag binary
 .El

appl/kf/kfd.c

@@ -274,14 +274,17 @@ proto (int sock, const char *service)
 
     data.data = ret_string;
     data.length = strlen(ret_string) + 1;
-    return krb5_write_priv_message(context, auth_context, &sock, &data);
+    status = krb5_write_priv_message(context, auth_context, &sock, &data);
+    krb5_auth_con_free(context, auth_context);
+
+    return status;
 }
 
 static int
 doit (int port, const char *service)
 {
     if (do_inetd)
-	mini_inetd(port);
+	mini_inetd(port, NULL);
     return proto (STDIN_FILENO, service);
 }
 

appl/kx/Makefile.am

@@ -46,7 +46,7 @@ kxd_SOURCES = \
 
 EXTRA_kxd_SOURCES = writeauth.c
 
-EXTRA_DIST = rxterm.in rxtelnet.in tenletxr.in $(man_MANS)
+EXTRA_DIST = NTMakefile rxterm.in rxtelnet.in tenletxr.in $(man_MANS)
 
 man_MANS = kx.1 rxtelnet.1 rxterm.1 tenletxr.1 kxd.8
 

appl/kx/NTMakefile

@@ -0,0 +1,35 @@
+########################################################################
+#
+# Copyright (c) 2009, Secure Endpoints Inc.
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 
+# - Redistributions of source code must retain the above copyright
+#   notice, this list of conditions and the following disclaimer.
+# 
+# - Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in
+#   the documentation and/or other materials provided with the
+#   distribution.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# 
+
+RELDIR=appl\kx 
+
+!include ../../windows/NTMakefile.w32 
+

appl/kx/common.c

@@ -270,7 +270,7 @@ get_xsockets (int *number, struct x_socket **sockets, int tcp_socket)
 	     tmp = try_socket (&s[n], dpy, *path);
 	     if (tmp == -1) {
 		 if (errno != ENOTDIR && errno != ENOENT)
-		     return -1;
+		     err(1, "failed to open '%s'", *path);
 	     } else if (tmp == 1) {
 		 while(--n >= 0) {
 		     close (s[n].fd);
@@ -288,7 +288,7 @@ get_xsockets (int *number, struct x_socket **sockets, int tcp_socket)
 	     tmp = try_pipe (&s[n], dpy, *path);
 	     if (tmp == -1) {
 		 if (errno != ENOTDIR && errno != ENOENT && errno != ENOSYS)
-		     return -1;
+		     err(1, "failed to open '%s'", *path);
 	     } else if (tmp == 1) {
 		 while (--n >= 0) {
 		     close (s[n].fd);
@@ -306,7 +306,7 @@ get_xsockets (int *number, struct x_socket **sockets, int tcp_socket)
 	 if (tcp_socket) {
 	     tmp = try_tcp (&s[n], dpy);
 	     if (tmp == -1)
-		 return -1;
+		 err(1, "failed to open tcp stocket");
 	     else if (tmp == 1) {
 		 while (--n >= 0) {
 		     close (s[n].fd);

appl/kx/krb5.c

@@ -51,6 +51,33 @@ typedef struct krb5_kx_context krb5_kx_context;
 #define K5DATA(kc) ((krb5_kx_context*)kc->data)
 #define CONTEXT(kc) (K5DATA(kc)->context)
 
+/*
+ *
+ */
+
+static void
+ksyslog(krb5_context context, krb5_error_code ret, const char *fmt, ...)
+	__attribute__((__format__(__printf__, 3, 0)));
+
+static void
+ksyslog(krb5_context context, krb5_error_code ret, const char *fmt, ...)
+{
+    const char *msg;
+    char *str = NULL;
+    va_list va;
+
+    msg = krb5_get_error_message(context, ret);
+
+    va_start(va, fmt);
+    vasprintf(&str, fmt, va);
+    va_end(va);
+
+    syslog(LOG_ERR, "%s: %s", str, msg);
+
+    krb5_free_error_message(context, msg);
+    free(str);
+}
+
 /*
  * Destroy the krb5 context in `c'.
  */
@@ -378,8 +405,7 @@ recv_v5_auth (kx_context *kc, int sock, u_char *buf)
     ret = krb5_sock_to_principal (CONTEXT(kc), sock, "host",
 				  KRB5_NT_SRV_HST, &server);
     if (ret) {
-	syslog (LOG_ERR, "krb5_sock_to_principal: %s",
+	ksyslog (CONTEXT(kc), ret, "krb5_sock_to_principal");
-		krb5_get_err_text (CONTEXT(kc), ret));
 	exit (1);
     }
 
@@ -393,22 +419,19 @@ recv_v5_auth (kx_context *kc, int sock, u_char *buf)
 			 &ticket);
     krb5_free_principal (CONTEXT(kc), server);
     if (ret) {
-	syslog (LOG_ERR, "krb5_sock_to_principal: %s",
+	ksyslog (CONTEXT(kc), ret, "krb5_recvauth");
-		krb5_get_err_text (CONTEXT(kc), ret));
 	exit (1);
     }
 
     ret = krb5_auth_con_getkey (CONTEXT(kc), auth_context, &K5DATA(kc)->keyblock);
     if (ret) {
-	syslog (LOG_ERR, "krb5_auth_con_getkey: %s",
+	ksyslog (CONTEXT(kc), ret, "krb5_auth_con_getkey");
-		krb5_get_err_text (CONTEXT(kc), ret));
 	exit (1);
     }
 
     ret = krb5_crypto_init (CONTEXT(kc), K5DATA(kc)->keyblock, 0, &K5DATA(kc)->crypto);
     if (ret) {
-	syslog (LOG_ERR, "krb5_crypto_init: %s",
+	ksyslog (CONTEXT(kc), ret, "krb5_crypto_init");
-		krb5_get_err_text (CONTEXT(kc), ret));
 	exit (1);
     }
 
@@ -416,6 +439,8 @@ recv_v5_auth (kx_context *kc, int sock, u_char *buf)
     ticket->client = NULL;
     krb5_free_ticket (CONTEXT(kc), ticket);
 
+    krb5_auth_con_free(CONTEXT(kc), auth_context);
+
     return 0;
 }
 

appl/kx/kx.1

@@ -36,8 +36,7 @@
 .Os KTH-KRB
 .Sh NAME
 .Nm kx
-.Nd
+.Nd securely forward X conections
-securely forward X conections
 .Sh SYNOPSIS
 .Ar kx
 .Op Fl l Ar username

appl/kx/kx.c

@@ -428,7 +428,7 @@ doit_active (kx_context *kc)
 
     tmp2 = get_xsockets (&nsockets, &sockets, kc->tcp_flag);
     if (tmp2 < 0)
-	return 1;
+	errx(1, "Failed to open sockets");
     display_num = tmp2;
     if (kc->tcp_flag)
 	snprintf (display, display_size, "localhost:%u", display_num);
@@ -436,10 +436,9 @@ doit_active (kx_context *kc)
 	snprintf (display, display_size, ":%u", display_num);
     error = create_and_write_cookie (xauthfile, xauthfile_size,
 				     cookie, cookie_len);
-    if (error) {
+    if (error)
-	warnx ("failed creating cookie file: %s", strerror(error));
+	errx(1, "failed creating cookie file: %s", strerror(error));
-	return 1;
+
-    }
     status_output (kc->debug_flag);
     for (;;) {
 	fd_set fdset;

appl/kx/kxd.8

@@ -36,8 +36,7 @@
 .Os KTH-KRB
 .Sh NAME
 .Nm kxd
-.Nd
+.Nd securely forward X conections
-securely forward X conections
 .Sh SYNOPSIS
 .Ar kxd
 .Op Fl t

appl/kx/kxd.c

@@ -99,6 +99,7 @@ cleanup(int nsockets, struct x_socket *sockets)
 	    free (sockets[i].pathname);
 	}
     }
+    free(sockets);
 }
 
 /*
@@ -170,11 +171,17 @@ recv_conn (int sock, kx_context *kc,
      if (*p != INIT)
 	 fatal(kc, sock, "Bad message");
      p++;
+     if ((p - msg) < sizeof(msg))
+	 fatal(kc, sock, "user");
+
      p += kx_get_int (p, &tmp32, 4, 0);
-     len = min(sizeof(user), tmp32);
+     if (tmp32 >= sizeof(user) - 1)
-     memcpy (user, p, len);
+	 fatal(kc, sock, "user name too long");
+     if ((p - msg) + tmp32 >= sizeof(msg))
+	 fatal(kc, sock, "user too long");
+     memcpy (user, p, tmp32);
      p += tmp32;
-     user[len] = '\0';
+     user[tmp32] = '\0';
 
      passwd = k_getpwnam (user);
      if (passwd == NULL)
@@ -184,6 +191,9 @@ recv_conn (int sock, kx_context *kc,
 	 fatal (kc, sock, "%s not allowed to login as %s",
 		kc->user, user);
 
+     if ((p - msg) >= sizeof(msg))
+	 fatal(kc, sock, "user too long");
+
      flags = *p++;
 
      if (flags & PASSIVE) {
@@ -239,15 +249,17 @@ recv_conn (int sock, kx_context *kc,
      umask(077);
      if (!(flags & PASSIVE)) {
 	 p += kx_get_int (p, &tmp32, 4, 0);
-	 len = min(tmp32, display_size);
+	 if (tmp32 > display_size)
-	 memcpy (display, p, len);
+	     fatal(kc, sock, "display too large");
-	 display[len] = '\0';
+	 if ((p - msg) + tmp32 + 8 >= sizeof(msg))
+	     fatal(kc, sock, "user too long");
+	 memcpy (display, p, tmp32);
+	 display[tmp32] = '\0';
 	 p += tmp32;
 	 p += kx_get_int (p, &tmp32, 4, 0);
 	 len = min(tmp32, xauthfile_size);
 	 memcpy (xauthfile, p, len);
 	 xauthfile[len] = '\0';
-	 p += tmp32;
      }
 #if defined(SO_KEEPALIVE) && defined(HAVE_SETSOCKOPT)
      if (flags & KEEP_ALIVE) {
@@ -760,7 +772,7 @@ main (int argc, char **argv)
     }
 
     if (!inetd_flag)
-	mini_inetd (port);
+	mini_inetd (port, NULL);
 
      signal (SIGCHLD, childhandler);
      return doit(STDIN_FILENO, tcp_flag);

appl/kx/rxtelnet.1

@@ -36,8 +36,7 @@
 .Os KTH_KRB
 .Sh NAME
 .Nm rxtelnet
-.Nd
+.Nd start a telnet and forward X-connections.
-start a telnet and forward X-connections.
 .Sh SYNOPSIS
 .Nm rxtelnet
 .Op Fl l Ar username

appl/kx/rxterm.1

@@ -36,8 +36,7 @@
 .Os KTH_KRB
 .Sh NAME
 .Nm rxterm
-.Nd
+.Nd start a secure remote xterm
-start a secure remote xterm
 .Sh SYNOPSIS
 .Nm rxterm
 .Op Fl l Ar username

appl/kx/tenletxr.1

@@ -36,8 +36,7 @@
 .Os KTH_KRB
 .Sh NAME
 .Nm tenletxr
-.Nd
+.Nd forward X-connections backwards.
-forward X-connections backwards.
 .Sh SYNOPSIS
 .Nm tenletxr
 .Op Fl l Ar username

appl/login/Makefile.am

@@ -12,7 +12,7 @@ login_SOURCES =					\
 		login.c				\
 		login_access.c			\
 		login_locl.h			\
-		login_protos.h			\
+		login-protos.h			\
 		loginpaths.h			\
 		limits_conf.c			\
 		osfc2.c				\
@@ -32,9 +32,9 @@ LDADD = $(LIB_otp) \
 	$(LIB_security) \
 	$(DBLIB)
 
-$(srcdir)/login_protos.h:
+$(srcdir)/login-protos.h:
-	cd $(srcdir); perl ../../cf/make-proto.pl -o login_protos.h -q -P comment $(login_SOURCES) || rm -f login_protos.h
+	cd $(srcdir); perl ../../cf/make-proto.pl -o login-protos.h -q -P comment $(login_SOURCES) || rm -f login-protos.h
 
-$(login_OBJECTS): $(srcdir)/login_protos.h
+$(login_OBJECTS): $(srcdir)/login-protos.h
 
-EXTRA_DIST = $(man_MANS)
+EXTRA_DIST = NTMakefile $(man_MANS)

appl/login/NTMakefile

@@ -0,0 +1,35 @@
+########################################################################
+#
+# Copyright (c) 2009, Secure Endpoints Inc.
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 
+# - Redistributions of source code must retain the above copyright
+#   notice, this list of conditions and the following disclaimer.
+# 
+# - Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in
+#   the documentation and/or other materials provided with the
+#   distribution.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# 
+
+RELDIR=appl\login 
+
+!include ../../windows/NTMakefile.w32 
+

appl/login/env.c

@@ -82,7 +82,7 @@ copy_env(void)
 	extend_env(*p);
 }
 
-int
+void
 login_read_env(const char *file)
 {
     char **newenv;
@@ -93,11 +93,13 @@ login_read_env(const char *file)
     i = read_environment(file, &newenv);
     for (j = 0; j < i; j++) {
 	p = strchr(newenv[j], '=');
+	if (p == NULL)
+	    errx(1, "%s: missing = in string %s",
+		 file, newenv[j]);
 	*p++ = 0;
 	add_env(newenv[j], p);
 	*--p = '=';
 	free(newenv[j]);
     }
     free(newenv);
-    return 0;
 }

appl/login/login.1

@@ -5,8 +5,7 @@
 .Os HEIMDAL
 .Sh NAME
 .Nm login
-.Nd
+.Nd authenticate a user and start new session
-authenticate a user and start new session
 .Sh SYNOPSIS
 .Nm
 .Op Fl fp

appl/login/login.access.5

@@ -5,8 +5,7 @@
 .Os HEIMDAL
 .Sh NAME
 .Nm login.access
-.Nd
+.Nd login access control table
-login access control table
 .Sh DESCRIPTION
 The
 .Nm login.access

appl/login/login_locl.h

@@ -150,6 +150,6 @@ struct spwd;
 extern char **env;
 extern int num_env;
 
-#include "login_protos.h"
+#include "login-protos.h"
 
 #endif /* __LOGIN_LOCL_H__ */

appl/otp/Makefile.am

@@ -7,12 +7,11 @@ AM_CPPFLAGS += $(INCLUDE_hcrypto)
 bin_PROGRAMS = otp otpprint
 bin_SUIDS = otp
 otp_SOURCES = otp.c otp_locl.h
+otp_LDADD  = $(LIB_hcrypto) $(LIB_roken) $(top_builddir)/lib/otp/libotp.la
 otpprint_SOURCES = otpprint.c otp_locl.h
 
+otpprint_LDADD  = $(LIB_hcrypto) $(LIB_roken) $(top_builddir)/lib/otp/libotp.la
+
 man_MANS = otp.1  otpprint.1
 
-LDADD = \
+EXTRA_DIST = NTMakefile $(man_MANS)
-	$(top_builddir)/lib/otp/libotp.la	\
-	$(LIB_roken)
-
-EXTRA_DIST = $(man_MANS)

appl/otp/NTMakefile

@@ -0,0 +1,35 @@
+########################################################################
+#
+# Copyright (c) 2009, Secure Endpoints Inc.
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 
+# - Redistributions of source code must retain the above copyright
+#   notice, this list of conditions and the following disclaimer.
+# 
+# - Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in
+#   the documentation and/or other materials provided with the
+#   distribution.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# 
+
+RELDIR=appl\otp 
+
+!include ../../windows/NTMakefile.w32 
+

appl/otp/otp.1

@@ -36,8 +36,7 @@
 .Os KTH-KRB
 .Sh NAME
 .Nm otp
-.Nd
+.Nd manages one-time passwords
-manages one-time passwords
 .Sh SYNOPSIS
 .Nm otp
 .Op Fl dhlor

appl/otp/otpprint.1

@@ -36,8 +36,7 @@
 .Os KTH-KRB
 .Sh NAME
 .Nm otpprint
-.Nd
+.Nd print lists of one-time passwords
-print lists of one-time passwords
 .Sh SYNOPSIS
 .Nm otp
 .Op Fl n Ar count

appl/popper/Makefile.am

@@ -44,6 +44,6 @@ LDADD = \
 
 man_MANS = popper.8
 
-EXTRA_DIST = pop3.rfc1081 pop3e.rfc1082 \
+EXTRA_DIST = NTMakefile pop3.rfc1081 pop3e.rfc1082 \
 	popper.README.release README-FIRST \
 	$(man_MANS)

appl/popper/NTMakefile

@@ -0,0 +1,35 @@
+########################################################################
+#
+# Copyright (c) 2009, Secure Endpoints Inc.
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 
+# - Redistributions of source code must retain the above copyright
+#   notice, this list of conditions and the following disclaimer.
+# 
+# - Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in
+#   the documentation and/or other materials provided with the
+#   distribution.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# 
+
+RELDIR=appl\popper 
+
+!include ../../windows/NTMakefile.w32 
+

appl/popper/pop_auth.h

@@ -52,9 +52,6 @@ void pop_auth_set_error(const char *message);
 #ifdef KRB5
 extern struct auth_mech gssapi_mech;
 #endif
-#ifdef KRB4
-extern struct auth_mech krb4_mech;
-#endif
 
 
 #endif /* __pop_auth_h__ */

appl/popper/pop_debug.c

@@ -103,6 +103,7 @@ doit_v5 (char *host, int port)
     krb5_auth_context auth_context = NULL;
     krb5_principal server;
     int s = get_socket (host, port);
+    const char *estr;
 
     ret = krb5_init_context (&context);
     if (ret)
@@ -114,8 +115,9 @@ doit_v5 (char *host, int port)
 				   KRB5_NT_SRV_HST,
 				   &server);
     if (ret) {
-	warnx ("krb5_sname_to_principal: %s",
+	estr = krb5_get_error_message(context, ret);
-	       krb5_get_err_text (context, ret));
+	warnx ("krb5_sname_to_principal: %s", estr);
+	krb5_free_error_message(context, estr);
 	return 1;
     }
     ret = krb5_sendauth (context,
@@ -132,8 +134,9 @@ doit_v5 (char *host, int port)
 			 NULL,
 			 NULL);
     if (ret) {
-	 warnx ("krb5_sendauth: %s",
+	estr = krb5_get_error_message(context, ret);
-		krb5_get_err_text (context, ret));
+	warnx ("krb5_sendauth: %s", estr);
+	krb5_free_error_message(context, estr);
 	return 1;
     }
     loop (s);

appl/popper/pop_init.c

@@ -57,6 +57,7 @@ krb5_authenticate (POP *p, int s, u_char *buf, struct sockaddr *addr)
     krb5_auth_context auth_context = NULL;
     uint32_t len;
     krb5_ticket *ticket;
+    const char *estr;
     char *server;
 
     if (memcmp (buf, "\x00\x00\x00\x13", 4) != 0)
@@ -78,16 +79,18 @@ krb5_authenticate (POP *p, int s, u_char *buf, struct sockaddr *addr)
 			 NULL,
 			 &ticket);
     if (ret) {
-	pop_log(p, POP_PRIORITY, "krb5_recvauth: %s",
+	estr = krb5_get_error_message(p->context, ret);
-		krb5_get_err_text(p->context, ret));
+	pop_log(p, POP_PRIORITY, "krb5_recvauth: %s", estr);
+	krb5_free_error_message(p->context, estr);
 	return -1;
     }
 
 
     ret = krb5_unparse_name(p->context, ticket->server, &server);
     if(ret) {
-	pop_log(p, POP_PRIORITY, "krb5_unparse_name: %s",
+	estr = krb5_get_error_message(p->context, ret);
-		krb5_get_err_text(p->context, ret));
+	pop_log(p, POP_PRIORITY, "krb5_unparse_name: %s", estr);
+	krb5_free_error_message(p->context, estr);
 	ret = -1;
 	goto out;
     }
@@ -301,7 +304,7 @@ pop_init(POP *p,int argcount,char **argmessage)
 	    portnum = p->kerberosp ?
 		pop_getportbyname(p, "kpop", "tcp", 1109) :
 	    pop_getportbyname(p, "pop", "tcp", 110);
-	mini_inetd (portnum);
+	mini_inetd (portnum, NULL);
     }
 
     /*  Get the address and socket of the client to whom I am speaking */

appl/popper/pop_pass.c

@@ -21,11 +21,13 @@ krb5_verify_password (POP *p)
     krb5_error_code ret;
     krb5_principal client, server;
     krb5_creds creds;
+    const char *estr;
 
     ret = krb5_get_init_creds_opt_alloc (p->context, &get_options);
     if (ret) {
-	pop_log(p, POP_PRIORITY, "krb5_get_init_creds_opt_alloc: %s",
+	estr = krb5_get_error_message(p->context, ret);
-		krb5_get_err_text (p->context, ret));
+	pop_log(p, POP_PRIORITY, "krb5_get_init_creds_opt_alloc: %s", estr);
+	krb5_free_error_message(p->context, estr);
 	return 1;
     }
 
@@ -37,8 +39,10 @@ krb5_verify_password (POP *p)
 
     ret = krb5_parse_name (p->context, p->user, &client);
     if (ret) {
-	pop_log(p, POP_PRIORITY, "krb5_parse_name: %s",
+	krb5_get_init_creds_opt_free(p->context, get_options);
-		krb5_get_err_text (p->context, ret));
+	estr = krb5_get_error_message(p->context, ret);
+	pop_log(p, POP_PRIORITY, "krb5_parse_name: %s", estr);
+	krb5_free_error_message(p->context, estr);
 	return 1;
     }
 
@@ -53,9 +57,9 @@ krb5_verify_password (POP *p)
 					get_options);
     krb5_get_init_creds_opt_free(p->context, get_options);
     if (ret) {
-	pop_log(p, POP_PRIORITY,
+	estr = krb5_get_error_message(p->context, ret);
-		"krb5_get_init_creds_password: %s",
+	pop_log(p, POP_PRIORITY, "krb5_get_init_creds_password: %s", estr);
-		krb5_get_err_text (p->context, ret));
+	krb5_free_error_message(p->context, estr);
 	return 1;
     }
 
@@ -65,9 +69,9 @@ krb5_verify_password (POP *p)
 				   KRB5_NT_SRV_HST,
 				   &server);
     if (ret) {
-	pop_log(p, POP_PRIORITY,
+	estr = krb5_get_error_message(p->context, ret);
-		"krb5_get_init_creds_password: %s",
+	pop_log(p, POP_PRIORITY, "krb5_get_init_creds_password: %s", estr);
-		krb5_get_err_text (p->context, ret));
+	krb5_free_error_message(p->context, estr);
 	return 1;
     }
 

appl/popper/popper.8

@@ -36,8 +36,7 @@
 .Os HEIMDAL
 .Sh NAME
 .Nm popper
-.Nd
+.Nd POP3 server
-POP3 server
 .Sh SYNOPSIS
 .Nm
 .Op Fl k
@@ -47,7 +46,7 @@ POP3 server
 .Op Fl d
 .Op Fl i
 .Op Fl p Ar port
-.Op Fl -address-log= Ns Pa file
+.Op Fl Fl address-log= Ns Pa file
 .Sh DESCRIPTION
 .Nm
 serves mail via the Post Office Protocol.  Supported options include:
@@ -60,7 +59,7 @@ which authentication mode is acceptable,
 enables SASL (RFC2222),  and
 .Ar otp
 enables OTP (RFC1938) authentication. Both disable plaintext passwords.
-.It Fl -address-log= Ns Pa file
+.It Fl Fl address-log= Ns Pa file
 Logs the addresses (along with a timestamp) of all clients to the
 specified file. This can be used to implement POP-before-SMTP
 authentication.

appl/push/Makefile.am

@@ -18,7 +18,7 @@ man_MANS = push.8 pfrom.1
 
 CLEANFILES = pfrom
 
-EXTRA_DIST = pfrom.in $(man_MANS)
+EXTRA_DIST = NTMakefile pfrom.in $(man_MANS)
 
 LDADD = $(LIB_krb5) \
 	$(LIB_hcrypto) \

appl/push/NTMakefile

@@ -0,0 +1,35 @@
+########################################################################
+#
+# Copyright (c) 2009, Secure Endpoints Inc.
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 
+# - Redistributions of source code must retain the above copyright
+#   notice, this list of conditions and the following disclaimer.
+# 
+# - Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in
+#   the documentation and/or other materials provided with the
+#   distribution.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# 
+
+RELDIR=appl\push 
+
+!include ../../windows/NTMakefile.w32 
+

appl/push/pfrom.1

@@ -39,13 +39,13 @@
 .Nd "fetch a list of the current mail via POP"
 .Sh SYNOPSIS
 .Nm
-.Op Fl 4 | Fl -krb4
+.Op Fl 4 | Fl Fl krb4
-.Op Fl 5 | Fl -krb5
+.Op Fl 5 | Fl Fl krb5
-.Op Fl v | Fl -verbose
+.Op Fl v | Fl Fl verbose
 .Op Fl c | -count
-.Op Fl -header
+.Op Fl Fl header
 .Oo Fl p Ar port-spec  \*(Ba Xo
-.Fl -port= Ns Ar port-spec
+.Fl Fl port= Ns Ar port-spec
 .Xc
 .Oc
 .Sh DESCRIPTION

appl/push/push.8

@@ -8,15 +8,15 @@
 .Nd fetch mail via POP
 .Sh SYNOPSIS
 .Nm
-.Op Fl 5 | Fl -krb5
+.Op Fl 5 | Fl Fl krb5
-.Op Fl v | Fl -verbose
+.Op Fl v | Fl Fl verbose
-.Op Fl f | Fl -fork
+.Op Fl f | Fl Fl fork
 .Op Fl l | -leave
-.Op Fl -from
+.Op Fl Fl from
 .Op Fl c | -count
-.Op Fl -headers Ns = Ns Ar headers
+.Op Fl Fl headers Ns = Ns Ar headers
 .Oo Fl p Ar port-spec  \*(Ba Xo
-.Fl -port Ns = Ns Ar port-spec
+.Fl Fl port Ns = Ns Ar port-spec
 .Xc
 .Oc
 .Ar po-box
@@ -51,35 +51,35 @@ Supported options:
 .Bl -tag -width Ds
 .It Xo
 .Fl 5 ,
-.Fl -krb5
+.Fl Fl krb5
 .Xc
 use Kerberos 5 (if compiled with support for Kerberos 5)
 .It Xo
 .Fl f ,
-.Fl -fork
+.Fl Fl fork
 .Xc
 fork before starting to delete messages
 .It Xo
 .Fl l ,
-.Fl -leave
+.Fl Fl leave
 .Xc
 don't delete fetched mail
 .It Xo
-.Fl -from
+.Fl Fl from
 .Xc
 behave like from.
 .It Xo
 .Fl c ,
-.Fl -count
+.Fl Fl count
 .Xc
 first print how many messages and bytes there are.
 .It Xo
-.Fl -headers Ns = Ns Ar headers
+.Fl Fl headers Ns = Ns Ar headers
 .Xc
 a list of comma-separated headers that should get printed.
 .It Xo
 .Fl p Ar port-spec ,
-.Fl -port Ns = Ns Ar port-spec
+.Fl Fl port Ns = Ns Ar port-spec
 .Xc
 use this port instead of the default
 .Ql kpop

appl/push/push.c

@@ -34,6 +34,13 @@
 #include "push_locl.h"
 RCSID("$Id$");
 
+#if defined(_AIX) && defined(STAT)
+/*
+ * AIX defines STAT to 1 in sys/dir.h
+ */
+#  undef STAT
+#endif
+
 #ifdef KRB5
 static int use_v5 = -1;
 static krb5_context context;
@@ -517,6 +524,7 @@ do_v5 (const char *host,
     krb5_error_code ret;
     krb5_auth_context auth_context = NULL;
     krb5_principal server;
+    const char *estr;
     int s;
 
     s = do_connect (host, port, 1);
@@ -529,8 +537,9 @@ do_v5 (const char *host,
 				   KRB5_NT_SRV_HST,
 				   &server);
     if (ret) {
-	warnx ("krb5_sname_to_principal: %s",
+	estr = krb5_get_error_message(context, ret);
-	       krb5_get_err_text (context, ret));
+	warnx ("krb5_sname_to_principal: %s", estr);
+	krb5_free_error_message(context, estr);
 	return 1;
     }
 
@@ -549,8 +558,9 @@ do_v5 (const char *host,
 			 NULL);
     krb5_free_principal (context, server);
     if (ret) {
-	warnx ("krb5_sendauth: %s",
+	estr = krb5_get_error_message(context, ret);
-	       krb5_get_err_text (context, ret));
+	warnx ("krb5_sendauth: %s", estr);
+	krb5_free_error_message(context, estr);
 	return 1;
     }
     return doit (s, host, user, filename, header_str, leavep, verbose, forkp);

appl/rcp/Makefile.am

@@ -2,14 +2,12 @@
 
 include $(top_srcdir)/Makefile.am.common
 
-AM_CPPFLAGS += $(INCLUDE_krb4)
-
 bin_PROGRAMS = rcp
 
 rcp_SOURCES  = rcp.c util.c rcp_locl.h extern.h
 
 man_MANS = rcp.1
 
-EXTRA_DIST = $(man_MANS)
+EXTRA_DIST = NTMakefile $(man_MANS)
 
 LDADD = $(LIB_roken)

appl/rcp/NTMakefile

@@ -0,0 +1,35 @@
+########################################################################
+#
+# Copyright (c) 2009, Secure Endpoints Inc.
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 
+# - Redistributions of source code must retain the above copyright
+#   notice, this list of conditions and the following disclaimer.
+# 
+# - Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in
+#   the documentation and/or other materials provided with the
+#   distribution.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# 
+
+RELDIR=appl\rcp 
+
+!include ../../windows/NTMakefile.w32 
+

appl/rcp/rcp.1

@@ -5,8 +5,7 @@
 .Os HEIMDAL
 .Sh NAME
 .Nm rcp
-.Nd
+.Nd copy file to and from remote machines
-copy file to and from remote machines
 .Sh SYNOPSIS
 .Nm rcp
 .Op Fl 45FKpxz

appl/rcp/rcp.c

@@ -318,7 +318,7 @@ syserr:			run_err("%s: %s", name, strerror(errno));
 #undef MODEMASK
 #define	MODEMASK	(S_ISUID|S_ISGID|S_ISVTX|S_IRWXU|S_IRWXG|S_IRWXO)
 		snprintf(buf, sizeof(buf), "C%04o %lu %s\n",
-			 stb.st_mode & MODEMASK,
+			 (unsigned int)(stb.st_mode & MODEMASK),
 			 (unsigned long)stb.st_size,
 			 last);
 		write(remout, buf, strlen(buf));
@@ -384,7 +384,8 @@ rsource(char *name, struct stat *statp)
 		}
 	}
 	snprintf(path, sizeof(path),
-	    "D%04o %d %s\n", statp->st_mode & MODEMASK, 0, last);
+		 "D%04o %d %s\n",
+		 (unsigned int)(statp->st_mode & MODEMASK), 0, last);
 	write(remout, path, strlen(path));
 	if (response() < 0) {
 		closedir(dirp);

appl/rsh/Makefile.am

@@ -2,7 +2,7 @@
 
 include $(top_srcdir)/Makefile.am.common
 
-AM_CPPFLAGS += -I$(srcdir)/../login
+AM_CPPFLAGS += -I$(srcdir)/../login $(INCLUDE_hcrypto)
 
 bin_PROGRAMS = rsh
 
@@ -25,4 +25,4 @@ LDADD = $(LIB_kafs) \
 	$(LIB_hcrypto) \
 	$(LIB_roken)
 
-EXTRA_DIST = $(man_MANS)
+EXTRA_DIST = NTMakefile $(man_MANS)

appl/rsh/NTMakefile

@@ -0,0 +1,35 @@
+########################################################################
+#
+# Copyright (c) 2009, Secure Endpoints Inc.
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 
+# - Redistributions of source code must retain the above copyright
+#   notice, this list of conditions and the following disclaimer.
+# 
+# - Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in
+#   the documentation and/or other materials provided with the
+#   distribution.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# 
+
+RELDIR=appl\rsh 
+
+!include ../../windows/NTMakefile.w32 
+