From b9f9663b3a59472e3bddb54f8dc436bdd92b0ddd Mon Sep 17 00:00:00 2001
From: Heimdal SVN import <heimdal-svn-import@nodomain.private>
Date: Fri, 17 Dec 1999 05:25:47 +0000
Subject: [PATCH] This commit was manufactured by cvs2svn to create tag
'heimdal-0-2-g'.
git-svn-id: svn://svn.h5l.se/heimdal/tags/heimdal-release/heimdal-0-2-g@7622 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
appl/ftp/ftp/ftp.1 | 1193 ---------------------
appl/ftp/ftpd/ftpd.8 | 473 --------
appl/ftp/ftpd/ftpusers.5 | 38 -
appl/kx/kx.1 | 62 --
appl/kx/kxd.8 | 54 -
appl/kx/rxtelnet.1 | 80 --
appl/kx/rxterm.1 | 77 --
appl/kx/tenletxr.1 | 61 --
appl/popper/popper.8 | 179 ----
appl/telnet/telnet/telnet.1 | 1369 ------------------------
appl/telnet/telnetd/telnetd.8 | 527 ---------
lib/des/des.1 | 186 ----
lib/des/des_crypt.3 | 379 -------
lib/gssapi/krb5/8003.c | 152 ---
lib/gssapi/krb5/ChangeLog | 48 -
lib/gssapi/krb5/Makefile.am | 46 -
lib/gssapi/krb5/accept_sec_context.c | 239 -----
lib/gssapi/krb5/acquire_cred.c | 87 --
lib/gssapi/krb5/add_oid_set_member.c | 54 -
lib/gssapi/krb5/canonicalize_name.c | 46 -
lib/gssapi/krb5/compare_name.c | 49 -
lib/gssapi/krb5/context_time.c | 64 --
lib/gssapi/krb5/create_emtpy_oid_set.c | 50 -
lib/gssapi/krb5/decapsulate.c | 100 --
lib/gssapi/krb5/delete_sec_context.c | 60 --
lib/gssapi/krb5/display_name.c | 68 --
lib/gssapi/krb5/display_status.c | 135 ---
lib/gssapi/krb5/duplicate_name.c | 55 -
lib/gssapi/krb5/encapsulate.c | 100 --
lib/gssapi/krb5/export_name.c | 48 -
lib/gssapi/krb5/external.c | 212 ----
lib/gssapi/krb5/get_mic.c | 115 --
lib/gssapi/krb5/gssapi.h | 742 -------------
lib/gssapi/krb5/gssapi_locl.h | 89 --
lib/gssapi/krb5/import_name.c | 137 ---
lib/gssapi/krb5/indicate_mechs.c | 55 -
lib/gssapi/krb5/init.c | 43 -
lib/gssapi/krb5/init_sec_context.c | 356 ------
lib/gssapi/krb5/inquire_context.c | 84 --
lib/gssapi/krb5/inquire_cred.c | 78 --
lib/gssapi/krb5/release_buffer.c | 46 -
lib/gssapi/krb5/release_cred.c | 57 -
lib/gssapi/krb5/release_name.c | 47 -
lib/gssapi/krb5/release_oid_set.c | 46 -
lib/gssapi/krb5/test_oid_set_member.c | 57 -
lib/gssapi/krb5/unwrap.c | 190 ----
lib/gssapi/krb5/v1.c | 104 --
lib/gssapi/krb5/verify_mic.c | 124 ---
lib/gssapi/krb5/wrap.c | 169 ---
lib/kafs/kafs.3 | 158 ---
lib/roken/err.hin | 71 --
lib/roken/fnmatch.hin | 49 -
lib/roken/glob.hin | 84 --
53 files changed, 9192 deletions(-)
delete mode 100644 appl/ftp/ftp/ftp.1
delete mode 100644 appl/ftp/ftpd/ftpd.8
delete mode 100644 appl/ftp/ftpd/ftpusers.5
delete mode 100644 appl/kx/kx.1
delete mode 100644 appl/kx/kxd.8
delete mode 100644 appl/kx/rxtelnet.1
delete mode 100644 appl/kx/rxterm.1
delete mode 100644 appl/kx/tenletxr.1
delete mode 100644 appl/popper/popper.8
delete mode 100644 appl/telnet/telnet/telnet.1
delete mode 100644 appl/telnet/telnetd/telnetd.8
delete mode 100644 lib/des/des.1
delete mode 100644 lib/des/des_crypt.3
delete mode 100644 lib/gssapi/krb5/8003.c
delete mode 100644 lib/gssapi/krb5/ChangeLog
delete mode 100644 lib/gssapi/krb5/Makefile.am
delete mode 100644 lib/gssapi/krb5/accept_sec_context.c
delete mode 100644 lib/gssapi/krb5/acquire_cred.c
delete mode 100644 lib/gssapi/krb5/add_oid_set_member.c
delete mode 100644 lib/gssapi/krb5/canonicalize_name.c
delete mode 100644 lib/gssapi/krb5/compare_name.c
delete mode 100644 lib/gssapi/krb5/context_time.c
delete mode 100644 lib/gssapi/krb5/create_emtpy_oid_set.c
delete mode 100644 lib/gssapi/krb5/decapsulate.c
delete mode 100644 lib/gssapi/krb5/delete_sec_context.c
delete mode 100644 lib/gssapi/krb5/display_name.c
delete mode 100644 lib/gssapi/krb5/display_status.c
delete mode 100644 lib/gssapi/krb5/duplicate_name.c
delete mode 100644 lib/gssapi/krb5/encapsulate.c
delete mode 100644 lib/gssapi/krb5/export_name.c
delete mode 100644 lib/gssapi/krb5/external.c
delete mode 100644 lib/gssapi/krb5/get_mic.c
delete mode 100644 lib/gssapi/krb5/gssapi.h
delete mode 100644 lib/gssapi/krb5/gssapi_locl.h
delete mode 100644 lib/gssapi/krb5/import_name.c
delete mode 100644 lib/gssapi/krb5/indicate_mechs.c
delete mode 100644 lib/gssapi/krb5/init.c
delete mode 100644 lib/gssapi/krb5/init_sec_context.c
delete mode 100644 lib/gssapi/krb5/inquire_context.c
delete mode 100644 lib/gssapi/krb5/inquire_cred.c
delete mode 100644 lib/gssapi/krb5/release_buffer.c
delete mode 100644 lib/gssapi/krb5/release_cred.c
delete mode 100644 lib/gssapi/krb5/release_name.c
delete mode 100644 lib/gssapi/krb5/release_oid_set.c
delete mode 100644 lib/gssapi/krb5/test_oid_set_member.c
delete mode 100644 lib/gssapi/krb5/unwrap.c
delete mode 100644 lib/gssapi/krb5/v1.c
delete mode 100644 lib/gssapi/krb5/verify_mic.c
delete mode 100644 lib/gssapi/krb5/wrap.c
delete mode 100644 lib/kafs/kafs.3
delete mode 100644 lib/roken/err.hin
delete mode 100644 lib/roken/fnmatch.hin
delete mode 100644 lib/roken/glob.hin
diff --git a/appl/ftp/ftp/ftp.1 b/appl/ftp/ftp/ftp.1
deleted file mode 100644
index e5c21f0961..0000000000
--- a/appl/ftp/ftp/ftp.1
+++ /dev/null
@@ -1,1193 +0,0 @@
-.\" $NetBSD: ftp.1,v 1.11 1995/09/08 01:06:24 tls Exp $
-.\"
-.\" Copyright (c) 1985, 1989, 1990, 1993
-.\" The Regents of the University of California. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\" must display the following acknowledgement:
-.\" This product includes software developed by the University of
-.\" California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" @(#)ftp.1 8.3 (Berkeley) 10/9/94
-.\"
-.Dd April 27, 1996
-.Dt FTP 1
-.Os BSD 4.2
-.Sh NAME
-.Nm ftp
-.Nd
-.Tn ARPANET
-file transfer program
-.Sh SYNOPSIS
-.Nm ftp
-.Op Fl t
-.Op Fl v
-.Op Fl d
-.Op Fl i
-.Op Fl n
-.Op Fl g
-.Op Fl p
-.Op Ar host
-.Sh DESCRIPTION
-.Nm Ftp
-is the user interface to the
-.Tn ARPANET
-standard File Transfer Protocol.
-The program allows a user to transfer files to and from a
-remote network site.
-.Pp
-Modifications has been made so that it almost follows the ftpsec
-Internet draft.
-.Pp
-Options may be specified at the command line, or to the
-command interpreter.
-.Bl -tag -width flag
-.It Fl t
-Enables packet tracing.
-.It Fl v
-Verbose option forces
-.Nm ftp
-to show all responses from the remote server, as well
-as report on data transfer statistics.
-.It Fl n
-Restrains
-.Nm ftp
-from attempting \*(Lqauto-login\*(Rq upon initial connection.
-If auto-login is enabled,
-.Nm ftp
-will check the
-.Pa .netrc
-(see below) file in the user's home directory for an entry describing
-an account on the remote machine.
-If no entry exists,
-.Nm ftp
-will prompt for the remote machine login name (default is the user
-identity on the local machine), and, if necessary, prompt for a password
-and an account with which to login.
-.It Fl i
-Turns off interactive prompting during
-multiple file transfers.
-.It Fl p
-Turn on passive mode.
-.It Fl d
-Enables debugging.
-.It Fl g
-Disables file name globbing.
-.El
-.Pp
-The client host with which
-.Nm ftp
-is to communicate may be specified on the command line.
-If this is done,
-.Nm ftp
-will immediately attempt to establish a connection to an
-.Tn FTP
-server on that host; otherwise,
-.Nm ftp
-will enter its command interpreter and await instructions
-from the user.
-When
-.Nm ftp
-is awaiting commands from the user the prompt
-.Ql ftp>
-is provided to the user.
-The following commands are recognized
-by
-.Nm ftp :
-.Bl -tag -width Fl
-.It Ic \&! Op Ar command Op Ar args
-Invoke an interactive shell on the local machine.
-If there are arguments, the first is taken to be a command to execute
-directly, with the rest of the arguments as its arguments.
-.It Ic \&$ Ar macro-name Op Ar args
-Execute the macro
-.Ar macro-name
-that was defined with the
-.Ic macdef
-command.
-Arguments are passed to the macro unglobbed.
-.It Ic account Op Ar passwd
-Supply a supplemental password required by a remote system for access
-to resources once a login has been successfully completed.
-If no argument is included, the user will be prompted for an account
-password in a non-echoing input mode.
-.It Ic append Ar local-file Op Ar remote-file
-Append a local file to a file on the remote machine.
-If
-.Ar remote-file
-is left unspecified, the local file name is used in naming the
-remote file after being altered by any
-.Ic ntrans
-or
-.Ic nmap
-setting.
-File transfer uses the current settings for
-.Ic type ,
-.Ic format ,
-.Ic mode ,
-and
-.Ic structure .
-.It Ic ascii
-Set the file transfer
-.Ic type
-to network
-.Tn ASCII .
-This is the default type.
-.It Ic bell
-Arrange that a bell be sounded after each file transfer
-command is completed.
-.It Ic binary
-Set the file transfer
-.Ic type
-to support binary image transfer.
-.It Ic bye
-Terminate the
-.Tn FTP
-session with the remote server
-and exit
-.Nm ftp .
-An end of file will also terminate the session and exit.
-.It Ic case
-Toggle remote computer file name case mapping during
-.Ic mget
-commands.
-When
-.Ic case
-is on (default is off), remote computer file names with all letters in
-upper case are written in the local directory with the letters mapped
-to lower case.
-.It Ic \&cd Ar remote-directory
-Change the working directory on the remote machine
-to
-.Ar remote-directory .
-.It Ic cdup
-Change the remote machine working directory to the parent of the
-current remote machine working directory.
-.It Ic chmod Ar mode file-name
-Change the permission modes of the file
-.Ar file-name
-on the remote
-sytem to
-.Ar mode .
-.It Ic close
-Terminate the
-.Tn FTP
-session with the remote server, and
-return to the command interpreter.
-Any defined macros are erased.
-.It Ic \&cr
-Toggle carriage return stripping during
-ascii type file retrieval.
-Records are denoted by a carriage return/linefeed sequence
-during ascii type file transfer.
-When
-.Ic \&cr
-is on (the default), carriage returns are stripped from this
-sequence to conform with the
-.Ux
-single linefeed record
-delimiter.
-Records on
-.Pf non\- Ns Ux
-remote systems may contain single linefeeds;
-when an ascii type transfer is made, these linefeeds may be
-distinguished from a record delimiter only when
-.Ic \&cr
-is off.
-.It Ic delete Ar remote-file
-Delete the file
-.Ar remote-file
-on the remote machine.
-.It Ic debug Op Ar debug-value
-Toggle debugging mode.
-If an optional
-.Ar debug-value
-is specified it is used to set the debugging level.
-When debugging is on,
-.Nm ftp
-prints each command sent to the remote machine, preceded
-by the string
-.Ql \-\->
-.It Xo
-.Ic dir
-.Op Ar remote-directory
-.Op Ar local-file
-.Xc
-Print a listing of the directory contents in the
-directory,
-.Ar remote-directory ,
-and, optionally, placing the output in
-.Ar local-file .
-If interactive prompting is on,
-.Nm ftp
-will prompt the user to verify that the last argument is indeed the
-target local file for receiving
-.Ic dir
-output.
-If no directory is specified, the current working
-directory on the remote machine is used.
-If no local
-file is specified, or
-.Ar local-file
-is
-.Fl ,
-output comes to the terminal.
-.It Ic disconnect
-A synonym for
-.Ar close .
-.It Ic form Ar format
-Set the file transfer
-.Ic form
-to
-.Ar format .
-The default format is \*(Lqfile\*(Rq.
-.It Ic get Ar remote-file Op Ar local-file
-Retrieve the
-.Ar remote-file
-and store it on the local machine.
-If the local
-file name is not specified, it is given the same
-name it has on the remote machine, subject to
-alteration by the current
-.Ic case ,
-.Ic ntrans ,
-and
-.Ic nmap
-settings.
-The current settings for
-.Ic type ,
-.Ic form ,
-.Ic mode ,
-and
-.Ic structure
-are used while transferring the file.
-.It Ic glob
-Toggle filename expansion for
-.Ic mdelete ,
-.Ic mget
-and
-.Ic mput .
-If globbing is turned off with
-.Ic glob ,
-the file name arguments
-are taken literally and not expanded.
-Globbing for
-.Ic mput
-is done as in
-.Xr csh 1 .
-For
-.Ic mdelete
-and
-.Ic mget ,
-each remote file name is expanded
-separately on the remote machine and the lists are not merged.
-Expansion of a directory name is likely to be
-different from expansion of the name of an ordinary file:
-the exact result depends on the foreign operating system and ftp server,
-and can be previewed by doing
-.Ql mls remote-files \- .
-As a security measure, remotely globbed files that starts with
-.Sq /
-or contains
-.Sq ../ ,
-will not be automatically received. If you have interactive prompting
-turned off, these filenames will be ignored. Note:
-.Ic mget
-and
-.Ic mput
-are not meant to transfer
-entire directory subtrees of files.
-That can be done by
-transferring a
-.Xr tar 1
-archive of the subtree (in binary mode).
-.It Ic hash
-Toggle hash-sign (``#'') printing for each data block
-transferred.
-The size of a data block is 1024 bytes.
-.It Ic help Op Ar command
-Print an informative message about the meaning of
-.Ar command .
-If no argument is given,
-.Nm ftp
-prints a list of the known commands.
-.It Ic idle Op Ar seconds
-Set the inactivity timer on the remote server to
-.Ar seconds
-seconds.
-If
-.Ar seconds
-is omitted, the current inactivity timer is printed.
-.It Ic lcd Op Ar directory
-Change the working directory on the local machine.
-If
-no
-.Ar directory
-is specified, the user's home directory is used.
-.It Xo
-.Ic \&ls
-.Op Ar remote-directory
-.Op Ar local-file
-.Xc
-Print a listing of the contents of a
-directory on the remote machine.
-The listing includes any system-dependent information that the server
-chooses to include; for example, most
-.Ux
-systems will produce
-output from the command
-.Ql ls \-l .
-(See also
-.Ic nlist . )
-If
-.Ar remote-directory
-is left unspecified, the current working directory is used.
-If interactive prompting is on,
-.Nm ftp
-will prompt the user to verify that the last argument is indeed the
-target local file for receiving
-.Ic \&ls
-output.
-If no local file is specified, or if
-.Ar local-file
-is
-.Sq Fl ,
-the output is sent to the terminal.
-.It Ic macdef Ar macro-name
-Define a macro.
-Subsequent lines are stored as the macro
-.Ar macro-name ;
-a null line (consecutive newline characters
-in a file or
-carriage returns from the terminal) terminates macro input mode.
-There is a limit of 16 macros and 4096 total characters in all
-defined macros.
-Macros remain defined until a
-.Ic close
-command is executed.
-The macro processor interprets `$' and `\e' as special characters.
-A `$' followed by a number (or numbers) is replaced by the
-corresponding argument on the macro invocation command line.
-A `$' followed by an `i' signals that macro processor that the
-executing macro is to be looped.
-On the first pass `$i' is
-replaced by the first argument on the macro invocation command line,
-on the second pass it is replaced by the second argument, and so on.
-A `\e' followed by any character is replaced by that character.
-Use the `\e' to prevent special treatment of the `$'.
-.It Ic mdelete Op Ar remote-files
-Delete the
-.Ar remote-files
-on the remote machine.
-.It Ic mdir Ar remote-files local-file
-Like
-.Ic dir ,
-except multiple remote files may be specified.
-If interactive prompting is on,
-.Nm ftp
-will prompt the user to verify that the last argument is indeed the
-target local file for receiving
-.Ic mdir
-output.
-.It Ic mget Ar remote-files
-Expand the
-.Ar remote-files
-on the remote machine
-and do a
-.Ic get
-for each file name thus produced.
-See
-.Ic glob
-for details on the filename expansion.
-Resulting file names will then be processed according to
-.Ic case ,
-.Ic ntrans ,
-and
-.Ic nmap
-settings.
-Files are transferred into the local working directory,
-which can be changed with
-.Ql lcd directory ;
-new local directories can be created with
-.Ql "\&! mkdir directory" .
-.It Ic mkdir Ar directory-name
-Make a directory on the remote machine.
-.It Ic mls Ar remote-files local-file
-Like
-.Ic nlist ,
-except multiple remote files may be specified,
-and the
-.Ar local-file
-must be specified.
-If interactive prompting is on,
-.Nm ftp
-will prompt the user to verify that the last argument is indeed the
-target local file for receiving
-.Ic mls
-output.
-.It Ic mode Op Ar mode-name
-Set the file transfer
-.Ic mode
-to
-.Ar mode-name .
-The default mode is \*(Lqstream\*(Rq mode.
-.It Ic modtime Ar file-name
-Show the last modification time of the file on the remote machine.
-.It Ic mput Ar local-files
-Expand wild cards in the list of local files given as arguments
-and do a
-.Ic put
-for each file in the resulting list.
-See
-.Ic glob
-for details of filename expansion.
-Resulting file names will then be processed according to
-.Ic ntrans
-and
-.Ic nmap
-settings.
-.It Ic newer Ar file-name
-Get the file only if the modification time of the remote file is more
-recent that the file on the current system.
-If the file does not
-exist on the current system, the remote file is considered
-.Ic newer .
-Otherwise, this command is identical to
-.Ar get .
-.It Xo
-.Ic nlist
-.Op Ar remote-directory
-.Op Ar local-file
-.Xc
-Print a list of the files in a
-directory on the remote machine.
-If
-.Ar remote-directory
-is left unspecified, the current working directory is used.
-If interactive prompting is on,
-.Nm ftp
-will prompt the user to verify that the last argument is indeed the
-target local file for receiving
-.Ic nlist
-output.
-If no local file is specified, or if
-.Ar local-file
-is
-.Fl ,
-the output is sent to the terminal.
-.It Ic nmap Op Ar inpattern outpattern
-Set or unset the filename mapping mechanism.
-If no arguments are specified, the filename mapping mechanism is unset.
-If arguments are specified, remote filenames are mapped during
-.Ic mput
-commands and
-.Ic put
-commands issued without a specified remote target filename.
-If arguments are specified, local filenames are mapped during
-.Ic mget
-commands and
-.Ic get
-commands issued without a specified local target filename.
-This command is useful when connecting to a
-.No non\- Ns Ux
-remote computer
-with different file naming conventions or practices.
-The mapping follows the pattern set by
-.Ar inpattern
-and
-.Ar outpattern .
-.Op Ar Inpattern
-is a template for incoming filenames (which may have already been
-processed according to the
-.Ic ntrans
-and
-.Ic case
-settings).
-Variable templating is accomplished by including the
-sequences `$1', `$2', ..., `$9' in
-.Ar inpattern .
-Use `\\' to prevent this special treatment of the `$' character.
-All other characters are treated literally, and are used to determine the
-.Ic nmap
-.Op Ar inpattern
-variable values.
-For example, given
-.Ar inpattern
-$1.$2 and the remote file name "mydata.data", $1 would have the value
-"mydata", and $2 would have the value "data".
-The
-.Ar outpattern
-determines the resulting mapped filename.
-The sequences `$1', `$2', ...., `$9' are replaced by any value resulting
-from the
-.Ar inpattern
-template.
-The sequence `$0' is replace by the original filename.
-Additionally, the sequence
-.Ql Op Ar seq1 , Ar seq2
-is replaced by
-.Op Ar seq1
-if
-.Ar seq1
-is not a null string; otherwise it is replaced by
-.Ar seq2 .
-For example, the command
-.Pp
-.Bd -literal -offset indent -compact
-nmap $1.$2.$3 [$1,$2].[$2,file]
-.Ed
-.Pp
-would yield
-the output filename "myfile.data" for input filenames "myfile.data" and
-"myfile.data.old", "myfile.file" for the input filename "myfile", and
-"myfile.myfile" for the input filename ".myfile".
-Spaces may be included in
-.Ar outpattern ,
-as in the example: `nmap $1 sed "s/ *$//" > $1' .
-Use the `\e' character to prevent special treatment
-of the `$','[','[', and `,' characters.
-.It Ic ntrans Op Ar inchars Op Ar outchars
-Set or unset the filename character translation mechanism.
-If no arguments are specified, the filename character
-translation mechanism is unset.
-If arguments are specified, characters in
-remote filenames are translated during
-.Ic mput
-commands and
-.Ic put
-commands issued without a specified remote target filename.
-If arguments are specified, characters in
-local filenames are translated during
-.Ic mget
-commands and
-.Ic get
-commands issued without a specified local target filename.
-This command is useful when connecting to a
-.No non\- Ns Ux
-remote computer
-with different file naming conventions or practices.
-Characters in a filename matching a character in
-.Ar inchars
-are replaced with the corresponding character in
-.Ar outchars .
-If the character's position in
-.Ar inchars
-is longer than the length of
-.Ar outchars ,
-the character is deleted from the file name.
-.It Ic open Ar host Op Ar port
-Establish a connection to the specified
-.Ar host
-.Tn FTP
-server.
-An optional port number may be supplied,
-in which case,
-.Nm ftp
-will attempt to contact an
-.Tn FTP
-server at that port.
-If the
-.Ic auto-login
-option is on (default),
-.Nm ftp
-will also attempt to automatically log the user in to
-the
-.Tn FTP
-server (see below).
-.It Ic passive
-Toggle passive mode. If passive mode is turned on
-(default is off), the ftp client will
-send a
-.Dv PASV
-command for all data connections instead of the usual
-.Dv PORT
-command. The
-.Dv PASV
-command requests that the remote server open a port for the data connection
-and return the address of that port. The remote server listens on that
-port and the client connects to it. When using the more traditional
-.Dv PORT
-command, the client listens on a port and sends that address to the remote
-server, who connects back to it. Passive mode is useful when using
-.Nm ftp
-through a gateway router or host that controls the directionality of
-traffic.
-(Note that though ftp servers are required to support the
-.Dv PASV
-command by RFC 1123, some do not.)
-.It Ic prompt
-Toggle interactive prompting.
-Interactive prompting
-occurs during multiple file transfers to allow the
-user to selectively retrieve or store files.
-If prompting is turned off (default is on), any
-.Ic mget
-or
-.Ic mput
-will transfer all files, and any
-.Ic mdelete
-will delete all files.
-.It Ic proxy Ar ftp-command
-Execute an ftp command on a secondary control connection.
-This command allows simultaneous connection to two remote ftp
-servers for transferring files between the two servers.
-The first
-.Ic proxy
-command should be an
-.Ic open ,
-to establish the secondary control connection.
-Enter the command "proxy ?" to see other ftp commands executable on the
-secondary connection.
-The following commands behave differently when prefaced by
-.Ic proxy :
-.Ic open
-will not define new macros during the auto-login process,
-.Ic close
-will not erase existing macro definitions,
-.Ic get
-and
-.Ic mget
-transfer files from the host on the primary control connection
-to the host on the secondary control connection, and
-.Ic put ,
-.Ic mput ,
-and
-.Ic append
-transfer files from the host on the secondary control connection
-to the host on the primary control connection.
-Third party file transfers depend upon support of the ftp protocol
-.Dv PASV
-command by the server on the secondary control connection.
-.It Ic put Ar local-file Op Ar remote-file
-Store a local file on the remote machine.
-If
-.Ar remote-file
-is left unspecified, the local file name is used
-after processing according to any
-.Ic ntrans
-or
-.Ic nmap
-settings
-in naming the remote file.
-File transfer uses the
-current settings for
-.Ic type ,
-.Ic format ,
-.Ic mode ,
-and
-.Ic structure .
-.It Ic pwd
-Print the name of the current working directory on the remote
-machine.
-.It Ic quit
-A synonym for
-.Ic bye .
-.It Ic quote Ar arg1 arg2 ...
-The arguments specified are sent, verbatim, to the remote
-.Tn FTP
-server.
-.It Ic recv Ar remote-file Op Ar local-file
-A synonym for get.
-.It Ic reget Ar remote-file Op Ar local-file
-Reget acts like get, except that if
-.Ar local-file
-exists and is
-smaller than
-.Ar remote-file ,
-.Ar local-file
-is presumed to be
-a partially transferred copy of
-.Ar remote-file
-and the transfer
-is continued from the apparent point of failure.
-This command
-is useful when transferring very large files over networks that
-are prone to dropping connections.
-.It Ic remotehelp Op Ar command-name
-Request help from the remote
-.Tn FTP
-server.
-If a
-.Ar command-name
-is specified it is supplied to the server as well.
-.It Ic remotestatus Op Ar file-name
-With no arguments, show status of remote machine.
-If
-.Ar file-name
-is specified, show status of
-.Ar file-name
-on remote machine.
-.It Xo
-.Ic rename
-.Op Ar from
-.Op Ar to
-.Xc
-Rename the file
-.Ar from
-on the remote machine, to the file
-.Ar to .
-.It Ic reset
-Clear reply queue.
-This command re-synchronizes command/reply sequencing with the remote
-ftp server.
-Resynchronization may be necessary following a violation of the ftp protocol
-by the remote server.
-.It Ic restart Ar marker
-Restart the immediately following
-.Ic get
-or
-.Ic put
-at the
-indicated
-.Ar marker .
-On
-.Ux
-systems, marker is usually a byte
-offset into the file.
-.It Ic rmdir Ar directory-name
-Delete a directory on the remote machine.
-.It Ic runique
-Toggle storing of files on the local system with unique filenames.
-If a file already exists with a name equal to the target
-local filename for a
-.Ic get
-or
-.Ic mget
-command, a ".1" is appended to the name.
-If the resulting name matches another existing file,
-a ".2" is appended to the original name.
-If this process continues up to ".99", an error
-message is printed, and the transfer does not take place.
-The generated unique filename will be reported.
-Note that
-.Ic runique
-will not affect local files generated from a shell command
-(see below).
-The default value is off.
-.It Ic send Ar local-file Op Ar remote-file
-A synonym for put.
-.It Ic sendport
-Toggle the use of
-.Dv PORT
-commands.
-By default,
-.Nm ftp
-will attempt to use a
-.Dv PORT
-command when establishing
-a connection for each data transfer.
-The use of
-.Dv PORT
-commands can prevent delays
-when performing multiple file transfers.
-If the
-.Dv PORT
-command fails,
-.Nm ftp
-will use the default data port.
-When the use of
-.Dv PORT
-commands is disabled, no attempt will be made to use
-.Dv PORT
-commands for each data transfer.
-This is useful
-for certain
-.Tn FTP
-implementations which do ignore
-.Dv PORT
-commands but, incorrectly, indicate they've been accepted.
-.It Ic site Ar arg1 arg2 ...
-The arguments specified are sent, verbatim, to the remote
-.Tn FTP
-server as a
-.Dv SITE
-command.
-.It Ic size Ar file-name
-Return size of
-.Ar file-name
-on remote machine.
-.It Ic status
-Show the current status of
-.Nm ftp .
-.It Ic struct Op Ar struct-name
-Set the file transfer
-.Ar structure
-to
-.Ar struct-name .
-By default \*(Lqstream\*(Rq structure is used.
-.It Ic sunique
-Toggle storing of files on remote machine under unique file names.
-Remote ftp server must support ftp protocol
-.Dv STOU
-command for
-successful completion.
-The remote server will report unique name.
-Default value is off.
-.It Ic system
-Show the type of operating system running on the remote machine.
-.It Ic tenex
-Set the file transfer type to that needed to
-talk to
-.Tn TENEX
-machines.
-.It Ic trace
-Toggle packet tracing.
-.It Ic type Op Ar type-name
-Set the file transfer
-.Ic type
-to
-.Ar type-name .
-If no type is specified, the current type
-is printed.
-The default type is network
-.Tn ASCII .
-.It Ic umask Op Ar newmask
-Set the default umask on the remote server to
-.Ar newmask .
-If
-.Ar newmask
-is omitted, the current umask is printed.
-.It Xo
-.Ic user Ar user-name
-.Op Ar password
-.Op Ar account
-.Xc
-Identify yourself to the remote
-.Tn FTP
-server.
-If the
-.Ar password
-is not specified and the server requires it,
-.Nm ftp
-will prompt the user for it (after disabling local echo).
-If an
-.Ar account
-field is not specified, and the
-.Tn FTP
-server
-requires it, the user will be prompted for it.
-If an
-.Ar account
-field is specified, an account command will
-be relayed to the remote server after the login sequence
-is completed if the remote server did not require it
-for logging in.
-Unless
-.Nm ftp
-is invoked with \*(Lqauto-login\*(Rq disabled, this
-process is done automatically on initial connection to
-the
-.Tn FTP
-server.
-.It Ic verbose
-Toggle verbose mode.
-In verbose mode, all responses from
-the
-.Tn FTP
-server are displayed to the user.
-In addition,
-if verbose is on, when a file transfer completes, statistics
-regarding the efficiency of the transfer are reported.
-By default,
-verbose is on.
-.It Ic ? Op Ar command
-A synonym for help.
-.El
-.Pp
-The following command can be used with ftpsec-aware servers.
-.Bl -tag -width Fl
-.It Xo
-.Ic prot
-.Ar clear |
-.Ar safe |
-.Ar confidential |
-.Ar private
-.Xc
-Set the data protection level to the requested level.
-.El
-.Pp
-The following command can be used with ftp servers that has
-implemented the KAUTH site command.
-.Bl -tag -width Fl
-.It Ic kauth Op Ar principal
-Obtain remote tickets.
-.El
-.Pp
-Command arguments which have embedded spaces may be quoted with
-quote `"' marks.
-.Sh ABORTING A FILE TRANSFER
-To abort a file transfer, use the terminal interrupt key
-(usually Ctrl-C).
-Sending transfers will be immediately halted.
-Receiving transfers will be halted by sending a ftp protocol
-.Dv ABOR
-command to the remote server, and discarding any further data received.
-The speed at which this is accomplished depends upon the remote
-server's support for
-.Dv ABOR
-processing.
-If the remote server does not support the
-.Dv ABOR
-command, an
-.Ql ftp>
-prompt will not appear until the remote server has completed
-sending the requested file.
-.Pp
-The terminal interrupt key sequence will be ignored when
-.Nm ftp
-has completed any local processing and is awaiting a reply
-from the remote server.
-A long delay in this mode may result from the ABOR processing described
-above, or from unexpected behavior by the remote server, including
-violations of the ftp protocol.
-If the delay results from unexpected remote server behavior, the local
-.Nm ftp
-program must be killed by hand.
-.Sh FILE NAMING CONVENTIONS
-Files specified as arguments to
-.Nm ftp
-commands are processed according to the following rules.
-.Bl -enum
-.It
-If the file name
-.Sq Fl
-is specified, the
-.Ar stdin
-(for reading) or
-.Ar stdout
-(for writing) is used.
-.It
-If the first character of the file name is
-.Sq \&| ,
-the
-remainder of the argument is interpreted as a shell command.
-.Nm Ftp
-then forks a shell, using
-.Xr popen 3
-with the argument supplied, and reads (writes) from the stdout
-(stdin).
-If the shell command includes spaces, the argument
-must be quoted; e.g.
-\*(Lq" ls -lt"\*(Rq.
-A particularly
-useful example of this mechanism is: \*(Lqdir more\*(Rq.
-.It
-Failing the above checks, if ``globbing'' is enabled,
-local file names are expanded
-according to the rules used in the
-.Xr csh 1 ;
-c.f. the
-.Ic glob
-command.
-If the
-.Nm ftp
-command expects a single local file (.e.g.
-.Ic put ) ,
-only the first filename generated by the "globbing" operation is used.
-.It
-For
-.Ic mget
-commands and
-.Ic get
-commands with unspecified local file names, the local filename is
-the remote filename, which may be altered by a
-.Ic case ,
-.Ic ntrans ,
-or
-.Ic nmap
-setting.
-The resulting filename may then be altered if
-.Ic runique
-is on.
-.It
-For
-.Ic mput
-commands and
-.Ic put
-commands with unspecified remote file names, the remote filename is
-the local filename, which may be altered by a
-.Ic ntrans
-or
-.Ic nmap
-setting.
-The resulting filename may then be altered by the remote server if
-.Ic sunique
-is on.
-.El
-.Sh FILE TRANSFER PARAMETERS
-The FTP specification specifies many parameters which may
-affect a file transfer.
-The
-.Ic type
-may be one of \*(Lqascii\*(Rq, \*(Lqimage\*(Rq (binary),
-\*(Lqebcdic\*(Rq, and \*(Lqlocal byte size\*(Rq (for
-.Tn PDP Ns -10's
-and
-.Tn PDP Ns -20's
-mostly).
-.Nm Ftp
-supports the ascii and image types of file transfer,
-plus local byte size 8 for
-.Ic tenex
-mode transfers.
-.Pp
-.Nm Ftp
-supports only the default values for the remaining
-file transfer parameters:
-.Ic mode ,
-.Ic form ,
-and
-.Ic struct .
-.Sh THE .netrc FILE
-The
-.Pa .netrc
-file contains login and initialization information
-used by the auto-login process.
-It resides in the user's home directory.
-The following tokens are recognized; they may be separated by spaces,
-tabs, or new-lines:
-.Bl -tag -width password
-.It Ic machine Ar name
-Identify a remote machine
-.Ar name .
-The auto-login process searches the
-.Pa .netrc
-file for a
-.Ic machine
-token that matches the remote machine specified on the
-.Nm ftp
-command line or as an
-.Ic open
-command argument.
-Once a match is made, the subsequent
-.Pa .netrc
-tokens are processed,
-stopping when the end of file is reached or another
-.Ic machine
-or a
-.Ic default
-token is encountered.
-.It Ic default
-This is the same as
-.Ic machine
-.Ar name
-except that
-.Ic default
-matches any name.
-There can be only one
-.Ic default
-token, and it must be after all
-.Ic machine
-tokens.
-This is normally used as:
-.Pp
-.Dl default login anonymous password user@site
-.Pp
-thereby giving the user
-.Ar automatic
-anonymous ftp login to
-machines not specified in
-.Pa .netrc .
-This can be overridden
-by using the
-.Fl n
-flag to disable auto-login.
-.It Ic login Ar name
-Identify a user on the remote machine.
-If this token is present, the auto-login process will initiate
-a login using the specified
-.Ar name .
-.It Ic password Ar string
-Supply a password.
-If this token is present, the auto-login process will supply the
-specified string if the remote server requires a password as part
-of the login process.
-Note that if this token is present in the
-.Pa .netrc
-file for any user other
-than
-.Ar anonymous ,
-.Nm ftp
-will abort the auto-login process if the
-.Pa .netrc
-is readable by
-anyone besides the user.
-.It Ic account Ar string
-Supply an additional account password.
-If this token is present, the auto-login process will supply the
-specified string if the remote server requires an additional
-account password, or the auto-login process will initiate an
-.Dv ACCT
-command if it does not.
-.It Ic macdef Ar name
-Define a macro.
-This token functions like the
-.Nm ftp
-.Ic macdef
-command functions.
-A macro is defined with the specified name; its contents begin with the
-next
-.Pa .netrc
-line and continue until a null line (consecutive new-line
-characters) is encountered.
-If a macro named
-.Ic init
-is defined, it is automatically executed as the last step in the
-auto-login process.
-.El
-.Sh ENVIRONMENT
-.Nm Ftp
-utilizes the following environment variables.
-.Bl -tag -width Fl
-.It Ev HOME
-For default location of a
-.Pa .netrc
-file, if one exists.
-.It Ev SHELL
-For default shell.
-.El
-.Sh SEE ALSO
-.Xr ftpd 8 ,
-.%T RFC2228
-.Sh HISTORY
-The
-.Nm ftp
-command appeared in
-.Bx 4.2 .
-.Sh BUGS
-Correct execution of many commands depends upon proper behavior
-by the remote server.
-.Pp
-An error in the treatment of carriage returns
-in the
-.Bx 4.2
-ascii-mode transfer code
-has been corrected.
-This correction may result in incorrect transfers of binary files
-to and from
-.Bx 4.2
-servers using the ascii type.
-Avoid this problem by using the binary image type.
diff --git a/appl/ftp/ftpd/ftpd.8 b/appl/ftp/ftpd/ftpd.8
deleted file mode 100644
index c51de1ce06..0000000000
--- a/appl/ftp/ftpd/ftpd.8
+++ /dev/null
@@ -1,473 +0,0 @@
-.\" $NetBSD: ftpd.8,v 1.7 1995/04/11 02:44:53 cgd Exp $
-.\"
-.\" Copyright (c) 1985, 1988, 1991, 1993
-.\" The Regents of the University of California. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\" must display the following acknowledgement:
-.\" This product includes software developed by the University of
-.\" California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" @(#)ftpd.8 8.2 (Berkeley) 4/19/94
-.\"
-.Dd April 19, 1997
-.Dt FTPD 8
-.Os BSD 4.2
-.Sh NAME
-.Nm ftpd
-.Nd
-Internet File Transfer Protocol server
-.Sh SYNOPSIS
-.Nm ftpd
-.Op Fl a Ar authmode
-.Op Fl dilv
-.Op Fl g Ar umask
-.Op Fl p Ar port
-.Op Fl T Ar maxtimeout
-.Op Fl t Ar timeout
-.Op Fl u Ar default umask
-.Sh DESCRIPTION
-.Nm Ftpd
-is the
-Internet File Transfer Protocol
-server process. The server uses the
-.Tn TCP
-protocol
-and listens at the port specified in the
-.Dq ftp
-service specification; see
-.Xr services 5 .
-.Pp
-Available options:
-.Bl -tag -width Ds
-.It Fl a
-Select the level of authentication required. Kerberised login can not
-be turned off. The default is to only allow kerberised login. Other
-possibilities can be turned on by giving a string of comma separated
-flags as argument to
-.Fl a .
-Recognised flags are:
-.Bl -tag -width plain
-.It Ar plain
-Allow logging in with plaintext password. The password can be a(n) OTP
-or an ordinary password.
-.It Ar otp
-Same as
-.Ar plain ,
-but only OTP is allowed.
-.It Ar ftp
-Allow anonymous login.
-.El
-
-The following combination modes exists for backwards compatibility:
-.Bl -tag -width plain
-.It Ar none
-Same as
-.Ar plain,ftp .
-.It Ar safe
-Same as
-.Ar ftp .
-.It Ar user
-Ignored.
-.El
-.It Fl d
-Debugging information is written to the syslog using LOG_FTP.
-.It Fl g
-Anonymous users will get a umask of
-.Ar umask .
-.It Fl i
-Open a socket and wait for a connection. This is mainly used for
-debugging when ftpd isn't started by inetd.
-.It Fl l
-Each successful and failed
-.Xr ftp 1
-session is logged using syslog with a facility of LOG_FTP.
-If this option is specified twice, the retrieve (get), store (put), append,
-delete, make directory, remove directory and rename operations and
-their filename arguments are also logged.
-.It Fl p
-Use
-.Ar port
-(a service name or number) instead of the default
-.Ar ftp/tcp .
-.It Fl T
-A client may also request a different timeout period;
-the maximum period allowed may be set to
-.Ar timeout
-seconds with the
-.Fl T
-option.
-The default limit is 2 hours.
-.It Fl t
-The inactivity timeout period is set to
-.Ar timeout
-seconds (the default is 15 minutes).
-.It Fl u
-Set the initial umask to something else than the default 027.
-.It Fl v
-Verbose mode.
-.El
-.Pp
-The file
-.Pa /etc/nologin
-can be used to disable ftp access.
-If the file exists,
-.Nm
-displays it and exits.
-If the file
-.Pa /etc/ftpwelcome
-exists,
-.Nm
-prints it before issuing the
-.Dq ready
-message.
-If the file
-.Pa /etc/motd
-exists,
-.Nm
-prints it after a successful login.
-.Pp
-The ftp server currently supports the following ftp requests.
-The case of the requests is ignored.
-.Bl -column "Request" -offset indent
-.It Request Ta "Description"
-.It ABOR Ta "abort previous command"
-.It ACCT Ta "specify account (ignored)"
-.It ALLO Ta "allocate storage (vacuously)"
-.It APPE Ta "append to a file"
-.It CDUP Ta "change to parent of current working directory"
-.It CWD Ta "change working directory"
-.It DELE Ta "delete a file"
-.It HELP Ta "give help information"
-.It LIST Ta "give list files in a directory" Pq Dq Li "ls -lgA"
-.It MKD Ta "make a directory"
-.It MDTM Ta "show last modification time of file"
-.It MODE Ta "specify data transfer" Em mode
-.It NLST Ta "give name list of files in directory"
-.It NOOP Ta "do nothing"
-.It PASS Ta "specify password"
-.It PASV Ta "prepare for server-to-server transfer"
-.It PORT Ta "specify data connection port"
-.It PWD Ta "print the current working directory"
-.It QUIT Ta "terminate session"
-.It REST Ta "restart incomplete transfer"
-.It RETR Ta "retrieve a file"
-.It RMD Ta "remove a directory"
-.It RNFR Ta "specify rename-from file name"
-.It RNTO Ta "specify rename-to file name"
-.It SITE Ta "non-standard commands (see next section)"
-.It SIZE Ta "return size of file"
-.It STAT Ta "return status of server"
-.It STOR Ta "store a file"
-.It STOU Ta "store a file with a unique name"
-.It STRU Ta "specify data transfer" Em structure
-.It SYST Ta "show operating system type of server system"
-.It TYPE Ta "specify data transfer" Em type
-.It USER Ta "specify user name"
-.It XCUP Ta "change to parent of current working directory (deprecated)"
-.It XCWD Ta "change working directory (deprecated)"
-.It XMKD Ta "make a directory (deprecated)"
-.It XPWD Ta "print the current working directory (deprecated)"
-.It XRMD Ta "remove a directory (deprecated)"
-.El
-.Pp
-The following commands are specified by RFC2228.
-.Bl -column Request -offset indent
-.It AUTH Ta "authentication/security mechanism"
-.It ADAT Ta "authentication/security data"
-.It PROT Ta "data channel protection level"
-.It PBSZ Ta "protection buffer size"
-.It MIC Ta "integrity protected command"
-.It CONF Ta "confidentiality protected command"
-.It ENC Ta "privacy protected command"
-.It CCC Ta "clear command channel"
-.El
-.Pp
-The following non-standard or
-.Tn UNIX
-specific commands are supported
-by the
-SITE request.
-.Pp
-.Bl -column Request -offset indent
-.It UMASK Ta change umask, (e.g.
-.Ic "SITE UMASK 002" )
-.It IDLE Ta set idle-timer, (e.g.
-.Ic "SITE IDLE 60" )
-.It CHMOD Ta change mode of a file (e.g.
-.Ic "SITE CHMOD 755 filename" )
-.It FIND Ta quickly find a specific file with GNU
-.Xr locate 1 .
-.It HELP Ta give help information.
-.El
-.Pp
-The following Kerberos related site commands are understood.
-.Bl -column Request -offset indent
-.It KAUTH Ta obtain remote tickets.
-.It KLIST Ta show remote tickets
-.El
-.Pp
-The remaining ftp requests specified in Internet RFC 959
-are
-recognized, but not implemented.
-MDTM and SIZE are not specified in RFC 959, but will appear in the
-next updated FTP RFC.
-.Pp
-The ftp server will abort an active file transfer only when the
-ABOR
-command is preceded by a Telnet "Interrupt Process" (IP)
-signal and a Telnet "Synch" signal in the command Telnet stream,
-as described in Internet RFC 959.
-If a
-STAT
-command is received during a data transfer, preceded by a Telnet IP
-and Synch, transfer status will be returned.
-.Pp
-.Nm Ftpd
-interprets file names according to the
-.Dq globbing
-conventions used by
-.Xr csh 1 .
-This allows users to utilize the metacharacters
-.Dq Li \&*?[]{}~ .
-.Pp
-.Nm Ftpd
-authenticates users according to these rules.
-.Pp
-.Bl -enum -offset indent
-.It
-If Kerberos authentication is used, the user must pass valid tickets
-and the principal must be allowed to login as the remote user.
-.It
-The login name must be in the password data base, and not have a null
-password (if kerberos is used the password field is not checked). In
-this case a password must be provided by the client before any file
-operations may be performed. If the user has an OTP key, the response
-from a successful USER command will include an OTP challenge. The
-client may choose to respond with a PASS command giving either a
-standard password or an OTP one-time password. The server will
-automatically determine which type of password it has been given and
-attempt to authenticate accordingly. See
-.Xr otp 1
-for more information on OTP authentication.
-.It
-The login name must not appear in the file
-.Pa /etc/ftpusers .
-.It
-The user must have a standard shell returned by
-.Xr getusershell 3 .
-.It
-If the user name appears in the file
-.Pa /etc/ftpchroot
-the session's root will be changed to the user's login directory by
-.Xr chroot 2
-as for an
-.Dq anonymous
-or
-.Dq ftp
-account (see next item). However, the user must still supply a password.
-This feature is intended as a compromise between a fully anonymous account
-and a fully privileged account. The account should also be set up as for an
-anonymous account.
-.It
-If the user name is
-.Dq anonymous
-or
-.Dq ftp ,
-an
-anonymous ftp account must be present in the password
-file (user
-.Dq ftp ) .
-In this case the user is allowed
-to log in by specifying any password (by convention an email address for
-the user should be used as the password).
-.El
-.Pp
-In the last case,
-.Nm ftpd
-takes special measures to restrict the client's access privileges.
-The server performs a
-.Xr chroot 2
-to the home directory of the
-.Dq ftp
-user.
-In order that system security is not breached, it is recommended
-that the
-.Dq ftp
-subtree be constructed with care, consider following these guidelines
-for anonymous ftp.
-
-In general all files should be owned by
-.Dq root ,
-and have non-write permissions (644 or 755 depending on the kind of
-file). No files should be owned or writable by
-.Dq ftp
-(possibly with exception for the
-.Pa ~ftp/incoming ,
-as specified below).
-.Bl -tag -width "~ftp/pub" -offset indent
-.It Pa ~ftp
-The
-.Dq ftp
-homedirectory should be owned by root.
-.It Pa ~ftp/bin
-The directory for external programs (such as
-.Xr ls 1 ) .
-These programs must either be statically linked, or you must setup an
-environment for dynamic linking when running chrooted.
-These programs will be used if present:
-.Bl -tag -width "locate" -offset indent
-.It ls
-Used when listing files.
-.It compress
-When retrieving a filename that ends in
-.Pa .Z ,
-and that file isn't present,
-.Nm
-will try to find the filename without
-.Pa .Z
-and compress it on the fly.
-.It gzip
-Same as compress, just with files ending in
-.Pa .gz .
-.It gtar
-Enables retrieval of whole directories as files ending in
-.Pa .tar .
-Can also be combined with compression. You must use GNU Tar (or some
-other that supports the
-.Fl z
-and
-.Fl Z
-flags).
-.It locate
-Will enable ``fast find'' with the
-.Ic SITE FIND
-command. You must also create a
-.Pa locatedb
-file in
-.Pa ~ftp/etc .
-.El
-.It Pa ~ftp/etc
-If you put copies of the
-.Xr passwd 5
-and
-.Xr group 5
-files here, ls will be able to produce owner names rather than
-numbers. Remember to remove any passwords from these files.
-
-The file
-.Pa motd ,
-if present, will be printed after a successful login.
-.It Pa ~ftp/dev
-Put a copy of
-.Xr /dev/null 7
-here.
-.It Pa ~ftp/pub
-Traditional place to put whatever you want to make public.
-.El
-
-If you want guests to be able to upload files, create a
-.Pa ~ftp/incoming
-directory owned by
-.Dq root ,
-and group
-.Dq ftp
-with mode 730 (make sure
-.Dq ftp
-is member of group
-.Dq ftp ) .
-The following restrictions apply to anonymous users:
-.Bl -bullet
-.It
-Directories created will have mode 700.
-.It
-Uploaded files will be created with an umask of 777, if not changed
-with the
-.Fl g
-option.
-.It
-These command are not accessible:
-.Ic DELE , RMD , RNTO , RNFR ,
-.Ic SITE UMASK ,
-and
-.Ic SITE CHMOD .
-.It
-Filenames must start with an alpha-numeric character, and consist of
-alpha-numeric characters or any of the following:
-.Li \&+
-(plus),
-.Li \&-
-(minus),
-.Li \&=
-(equal),
-.Li \&_
-(underscore),
-.Li \&.
-(period), and
-.Li \&,
-(comma).
-.El
-.Sh FILES
-.Bl -tag -width /etc/ftpwelcome -compact
-.It Pa /etc/ftpusers
-Access list for users.
-.It Pa /etc/ftpchroot
-List of normal users who should be chroot'd.
-.It Pa /etc/ftpwelcome
-Welcome notice.
-.It Pa /etc/motd
-Welcome notice after login.
-.It Pa /etc/nologin
-Displayed and access refused.
-.It Pa ~/.klogin
-Login access for Kerberos.
-.El
-.Sh SEE ALSO
-.Xr ftp 1 ,
-.Xr otp 1 ,
-.Xr getusershell 3 ,
-.Xr ftpusers 5 ,
-.Xr syslogd 8 ,
-.Sh STANDARDS
-.Bl -tag -compact -width "RFC 1938"
-.It Cm RFC 959
-FTP PROTOCOL SPECIFICATION
-.It Cm RFC 1938
-OTP Specification
-.It Cm RFC 2228
-FTP Security Extensions.
-.Sh BUGS
-The server must run as the super-user
-to create sockets with privileged port numbers. It maintains
-an effective user id of the logged in user, reverting to
-the super-user only when binding addresses to sockets. The
-possible security holes have been extensively
-scrutinized, but are possibly incomplete.
-.Sh HISTORY
-The
-.Nm
-command appeared in
-.Bx 4.2 .
diff --git a/appl/ftp/ftpd/ftpusers.5 b/appl/ftp/ftpd/ftpusers.5
deleted file mode 100644
index 549ff5b80c..0000000000
--- a/appl/ftp/ftpd/ftpusers.5
+++ /dev/null
@@ -1,38 +0,0 @@
-.\" $Id$
-.\"
-.Dd May 7, 1997
-.Dt FTPUSERS 5
-.Os KTH-KRB
-.Sh NAME
-.Pa /etc/ftpusers
-.Nd
-FTP access list file.
-.Sh DESCRIPTION
-.Pa /etc/ftpusers
-contains a list of users that should be allowed or denied FTP
-access. Each line contains a user, optionally followed by
-.Dq allow
-(anything but
-.Dq allow
-is ignored). The semi-user
-.Dq *
-matches any user. Users that has an explicit
-.Dq allow ,
-or that does not match any line, are allowed access. Anyone else is
-denied access.
-
-Note that this is compatible with the old format, where this file
-contained a list of users that should be denied access.
-.Sh EXAMPLES
-This will deny anyone but
-.Dq foo
-and
-.Dq bar
-to use FTP:
-.Bd -literal
-foo allow
-bar allow
-*
-.Ed
-.Sh SEE ALSO
-.Xr ftpd 8
diff --git a/appl/kx/kx.1 b/appl/kx/kx.1
deleted file mode 100644
index 0566ce7388..0000000000
--- a/appl/kx/kx.1
+++ /dev/null
@@ -1,62 +0,0 @@
-.\" $Id$
-.\"
-.Dd September 27, 1996
-.Dt KX 1
-.Os KTH-KRB
-.Sh NAME
-.Nm kx
-.Nd
-securely forward X conections
-.Sh SYNOPSIS
-.Ar kx
-.Op Fl l Ar username
-.Op Fl k
-.Op Fl d
-.Op Fl t
-.Op Fl p Ar port
-.Op Fl P
-.Ar host
-.Sh DESCRIPTION
-The
-.Nm
-program forwards a X connection from a remote client to a local screen
-through an authenticated and encrypted stream. Options supported by
-.Nm kx :
-.Bl -tag -width Ds
-.It Fl l
-Log in on remote the host as user
-.Ar username .
-.It Fl k
-Do not enable keep-alives on the TCP connections.
-.It Fl d
-Do not fork. This is mainly useful for debugging.
-.It Fl t
-Listen not only on a UNIX-domain socket but on a TCP socket as well.
-.It Fl p
-Use the port
-.Ar port .
-.It Fl P
-Force passive mode.
-.El
-.Pp
-This program is used by
-.Nm rxtelnet
-and
-.Nm rxterm
-and you should not need to run it directly.
-.Pp
-It connects to a
-.Nm kxd
-on the host
-.Ar host
-and then will relay the traffic from the remote X clients to the local
-server. When started, it prints the display and Xauthority-file to be
-used on host
-.Ar host
-and then goes to the background, waiting for connections from the
-remote
-.Nm kxd.
-.Sh SEE ALSO
-.Xr rxtelnet 1 ,
-.Xr rxterm 1 ,
-.Xr kxd 8
diff --git a/appl/kx/kxd.8 b/appl/kx/kxd.8
deleted file mode 100644
index 6d6b45c1ab..0000000000
--- a/appl/kx/kxd.8
+++ /dev/null
@@ -1,54 +0,0 @@
-.\" $Id$
-.\"
-.Dd September 27, 1996
-.Dt KXD 8
-.Os KTH-KRB
-.Sh NAME
-.Nm kxd
-.Nd
-securely forward X conections
-.Sh SYNOPSIS
-.Ar kxd
-.Op Fl t
-.Op Fl i
-.Op Fl p Ar port
-.Sh DESCRIPTION
-This is the daemon for
-.Nm kx .
-.Pp
-Options supported by
-.Nm kxd :
-.Bl -tag -width Ds
-.It Fl t
-TCP. Normally
-.Nm kxd
-will only listen for X connections on a UNIX socket, but some machines
-(for example, Cray) have X libraries that are not able to use UNIX
-sockets and thus you need to use TCP to talk to the pseudo-xserver
-created by
-.Nm kxd.
-This option decreases the security significantly and should only be
-used when it is necessary and you have considered the consequences of
-doing so.
-.It Fl i
-Interactive. Do not expect to be started by
-.Nm inetd,
-but allocate and listen to the socket yourself. Handy for testing
-and debugging.
-.It Fl p
-Port. Listen on the port
-.Ar port .
-Only usable with
-.Fl i .
-.El
-
-.Sh EXAMPLES
-Put the following in
-.Pa /etc/inetd.conf :
-.Bd -literal
-kx stream tcp nowait root /usr/athena/libexec/kxd kxd
-.Ed
-.Sh SEE ALSO
-.Xr kx 1 ,
-.Xr rxtelnet 1 ,
-.Xr rxterm 1
diff --git a/appl/kx/rxtelnet.1 b/appl/kx/rxtelnet.1
deleted file mode 100644
index d528172592..0000000000
--- a/appl/kx/rxtelnet.1
+++ /dev/null
@@ -1,80 +0,0 @@
-.\" $Id$
-.\"
-.Dd September 27, 1996
-.Dt RXTELNET 1
-.Os KTH_KRB
-.Sh NAME
-.Nm rxtelnet
-.Nd
-start a telnet and forward X-connections.
-.Sh SYNOPSIS
-.Nm rxtelnet
-.Op Fl l Ar username
-.Op Fl k
-.Op Fl t Ar telnet_args
-.Op Fl x Ar xterm_args
-.Op Fl w Ar term_emulator
-.Op Fl n
-.Ar host
-.Op Ar port
-.Sh DESCRIPTION
-The
-.Nm
-program starts a
-.Nm xterm
-window with a telnet to host
-.Ar host .
-From this window you will also be able to run X clients that will be
-able to connect securily to your X server. If
-.Ar port
-is given, that port will be used instead of the default.
-.Pp
-The supported options are:
-.Bl -tag -width Ds
-.It Fl l
-Log in on the remote host as user
-.Ar username
-.It Fl k
-Disables keep-alives
-.It Fl t
-Send
-.Ar telnet_args
-as arguments to
-.Nm telnet
-.It Fl x
-Send
-.Ar xterm_args
-as arguments to
-.Nm xterm
-.It Fl w
-Use
-.Ar term_emulator
-instead of xterm.
-.It Fl n
-Do not start any terminal emulator.
-.El
-.Sh EXAMPLE
-To login from host
-.Va foo
-(where your display is)
-to host
-.Va bar ,
-you might do the following.
-.Bl -enum
-.It
-On foo:
-.Nm
-.Va bar
-.It
-You will get a new window with a
-.Nm telnet
-to
-.Va bar .
-In this window you will be able to start X clients.
-.El
-.Sh SEE ALSO
-.Xr rxterm 1 ,
-.Xr tenletxr 1 ,
-.Xr kx 1 ,
-.Xr kxd 8 ,
-.Xr telnet 1
diff --git a/appl/kx/rxterm.1 b/appl/kx/rxterm.1
deleted file mode 100644
index 4fde08e3b6..0000000000
--- a/appl/kx/rxterm.1
+++ /dev/null
@@ -1,77 +0,0 @@
-.\" $Id$
-.\"
-.Dd September 27, 1996
-.Dt RXTERM 1
-.Os KTH_KRB
-.Sh NAME
-.Nm rxterm
-.Nd
-start a secure remote xterm
-.Sh SYNOPSIS
-.Nm rxterm
-.Op Fl l Ar username
-.Op Fl k
-.Op Fl r Ar rsh_args
-.Op Fl x Ar xterm_args
-.Op Fl w Ar term_emulator
-.Ar host
-.Op Ar port
-.Sh DESCRIPTION
-The
-.Nm
-program starts a
-.Nm xterm
-window on host
-.Ar host .
-From this window you will also be able to run X clients that will be
-able to connect securily to your X server. If
-.Ar port
-is given, that port will be used instead of the default.
-.Pp
-The supported options are:
-.Bl -tag -width Ds
-.It Fl l
-Log in on the remote host as user
-.Ar username
-.It Fl k
-Disable keep-alives
-.It Fl r
-Send
-.Ar rsh_args
-as arguments to
-.Nm rsh
-.It Fl x
-Send
-.Ar xterm_args
-as arguments to
-.Nm xterm
-.It Fl w
-Use
-.Ar term_emulator
-instead of xterm.
-.El
-.Sh EXAMPLE
-To login from host
-.Va foo
-(where your display is)
-to host
-.Va bar ,
-you might do the following.
-.Bl -enum
-.It
-On foo:
-.Nm
-.Va bar
-.It
-You will get a new window running an
-.Nm xterm
-on host
-.Va bar .
-In this window you will be able to start X clients.
-.El
-.Sh SEE ALSO
-.Xr rxtelnet 1 ,
-.Xr tenletxr 1 ,
-.Xr kx 1 ,
-.Xr kxd 8 ,
-.Xr rsh 1
diff --git a/appl/kx/tenletxr.1 b/appl/kx/tenletxr.1
deleted file mode 100644
index 0038ca54df..0000000000
--- a/appl/kx/tenletxr.1
+++ /dev/null
@@ -1,61 +0,0 @@
-.\" $Id$
-.\"
-.Dd March 31, 1997
-.Dt TENLETXR 1
-.Os KTH_KRB
-.Sh NAME
-.Nm tenletxr
-.Nd
-forward X-connections backwards.
-.Sh SYNOPSIS
-.Nm tenletxr
-.Op Fl l Ar username
-.Op Fl k
-.Ar host
-.Op Ar port
-.Sh DESCRIPTION
-The
-.Nm
-program
-enables forwarding of X-connections from this machine to host
-.Ar host .
-If
-.Ar port
-is given, that port will be used instead of the default.
-.Pp
-The supported options are:
-.Bl -tag -width Ds
-.It Fl l
-Log in on the remote host as user
-.Ar username
-.It Fl k
-Disables keep-alives.
-.El
-.Sh EXAMPLE
-To login from host
-.Va foo
-to host
-.Va bar
-(where your display is),
-you might do the following.
-.Bl -enum
-.It
-On foo:
-.Nm
-.Va bar
-.It
-You will get a new shell where you will be able to start X clients
-that will show their windows on
-.Va bar .
-.El
-.Sh BUGS
-It currently checks if you have permission to run it by checking if
-you own
-.Pa /dev/console
-on the remote host.
-.Sh SEE ALSO
-.Xr rxtelnet 1 ,
-.Xr rxterm 1 ,
-.Xr kx 1 ,
-.Xr kxd 8 ,
-.Xr telnet 1
diff --git a/appl/popper/popper.8 b/appl/popper/popper.8
deleted file mode 100644
index 30dc5b93fc..0000000000
--- a/appl/popper/popper.8
+++ /dev/null
@@ -1,179 +0,0 @@
-.\" Copyright (c) 1980 Regents of the University of California.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms are permitted
-.\" provided that this notice is preserved and that due credit is given
-.\" to the University of California at Berkeley. The name of the University
-.\" may not be used to endorse or promote products derived from this
-.\" software without specific prior written permission. This software
-.\" is provided ``as is'' without express or implied warranty.
-.\"
-.\" @(#)@(#)popper.8 2.3 2.3 (CCS) 4/2/91 Copyright (c) 1990 Regents of the University of California.\nAll rights reserved.\n
-.\"
-.TH popper 8 "August 1990"
-.UC 6
-.ad
-.SH NAME
-popper \- pop 3 server
-.SH SYNOPSIS
-.B /usr/etc/popper
-[ -d ]
-[ -a ]
-[ -k ]
-[ -t trace-file]
-[ -i ]
-[ -p portnum]
-.SH DESCRIPTION
-.I Popper
-is an implementation of the Post Office Protocol server that runs on a
-variety of Unix computers to manage electronic mail for Macintosh
-and MS-DOS computers. The server was developed at the University of
-California at Berkeley and conforms fully to the specifications in RFC
-1081 and RFC 1082. The Berkeley server also has extensions to
-send electronic mail on behalf of a client.
-.PP
-The
-.B \-d
-flag sets the socket to debugging and turns on debugging. All debugging
-information is saved using syslog(8).
-.PP
-The
-.B \-t trace\-file
-flag turns on debugging and saves the trace information in
-.I trace\-file
-using fprintf(s).
-.PP
-The
-.B \-k
-flag tells popper to talk the kerberised POP protocol (KPOP).
-.PP
-The
-.B \-a
-flag tells popper not to accept any cleartext passwords, but only OTPs.
-.PP
-The
-.B \-i
-flag tells popper it has not been started by inetd and should create
-its own socket and listen on it. This is useful for debugging.
-.PP
-The
-.B \-p portnum
-flag tells popper on which port it should listen for connections when
-creating a socket.
-.SH HOW TO OBTAIN THE SERVER
-.PP
-The POP server is available via anonymous ftp from ftp.CC.Berkeley.EDU
-(128.32.136.9, 128.32.206.12). It is in two files in the pub directory:
-a compressed
-tar file popper.tar.Z and a Macintosh StuffIt archive in BinHex format
-called MacPOP.sit.hqx.
-.SH THE POP TRANSACTION CYCLE
-.PP
-The Berkeley POP server is a single program (called popper) that is
-launched by inetd when it gets a service request on the POP TCP port.
-(The official port number specified in RFC 1081 for POP version 3 is
-port 110. However, some POP3 clients attempt to contact the server at
-port 109, the POP version 2 port. Unless you are running both POP2 and
-POP3 servers, you can simply define both ports for use by the POP3
-server. This is explained in the installation instructions later on.)
-The popper program initializes and verifies that the peer IP address is
-registered in the local domain, logging a warning message when a
-connection is made to a client whose IP address does not have a
-canonical name. For systems using BSD 4.3 bind, it also checks to see
-if a cannonical name lookup for the client returns the same peer IP
-address, logging a warning message if it does not. The the server
-enters the authorization state, during which the client must correctly
-identify itself by providing a valid Unix userid and password on the
-server's host machine. No other exchanges are allowed during this
-state (other than a request to quit.) If authentication fails, a
-warning message is logged and the session ends. Once the user is
-identified, popper changes its user and group ids to match that of the
-user and enters the transaction state. The server makes a temporary
-copy of the user's maildrop (ordinarily in /usr/spool/mail) which is
-used for all subsequent transactions. These include the bulk of POP
-commands to retrieve mail, delete mail, undelete mail, and so forth. A
-Berkeley extension also allows the user to submit a mail parcel to the
-server who mails it using the sendmail program (this extension is
-supported in the HyperMail client distributed with the server). When
-the client quits, the server enters the final update state during which
-the network connection is terminated and the user's maildrop is updated
-with the (possibly) modified temporary maildrop.
-.SH LOGGING
-.PP
-The POP server uses syslog to keep a record of its activities. On
-systems with BSD 4.3 syslogging, the server logs (by default) to the
-"local0" facility at priority "notice" for all messages except
-debugging which is logged at priority "debug". The default log file is
-/usr/spool/mqueue/POPlog. These can be changed, if desired. On
-systems with 4.2 syslogging all messages are logged to the local log
-file, usually /usr/spool/mqueue/syslog.
-.SH DEBUGGING
-.PP
-The popper program will log debugging information when the -d parameter
-is specified after its invocation in the inetd.conf file. Care should
-be exercised in using this option since it generates considerable
-output in the syslog file. Alternatively, the "-t <file-name>" option
-will place debugging information into file "<file-name>" using fprintf
-instead of syslog.
-.PP
-For SunOS version 3.5, the popper program is launched by inetd from
-/etc/servers. This file does not allow you to specify command line
-arguments. Therefore, if you want to enable debugging, you can specify
-a shell script in /etc/servers to be launched instead of popper and in
-this script call popper with the desired arguments.
-.PP
-You can confirm that the POP server is running on Unix by telneting to
-port 110 (or 109 if you set it up that way). For example:
-.PP
-.nf
-%telnet myhost 110
-Trying...
-Connected to myhost.berkeley.edu.
-Escape character is '^]'.
-+OK UCB Pop server (version 1.6) at myhost starting.
-quit
-Connection closed by foreign host.
-.fi
-.SH VERSION 1.7 RELEASE NOTES
-Extensive re-write of the maildrop processing code contributed by
-Viktor Dukhovni <viktor@math.princeton.edu> that greatly reduces the
-possibility that the maildrop can be corrupted as the result of
-simultaneous access by two or more processes.
-.PP
-Added "pop_dropcopy" module to create a temporary maildrop from
-the existing, standard maildrop as root before the setuid and
-setgid for the user is done. This allows the temporary maildrop
-to be created in a mail spool area that is not world read-writable.
-.PP
-This version does *not* send the sendmail "From " delimiter line
-in response to a TOP or RETR command.
-.PP
-Encased all debugging code in #ifdef DEBUG constructs. This code can
-be included by specifying the DEGUG compiler flag. Note: You still
-need to use the -d or -t option to obtain debugging output.
-.SH LIMITATIONS
-The POP server copies the user's entire maildrop to /tmp and
-then operates on that copy. If the maildrop is particularly
-large, or inadequate space is available in /tmp, then the
-server will refuse to continue and terminate the connection.
-.PP
-Simultaneous modification of a single maildrop can result in
-confusing results. For example, manipulating messages in a
-maildrop using the Unix /usr/ucb/mail command while a copy of
-it is being processed by the POP server can cause the changes
-made by one program to be lost when the other terminates. This
-problem is being worked on and will be fixed in a later
-release.
-.SH FILES
-.nf
-/usr/spool/mail mail files
-/etc/inetd.conf pop program invocation
-/etc/syslog.conf logging specifications
-.fi
-.SH "SEE ALSO"
-inetd(8),
-RFC1081,
-RFC1082
-.SH AUTHORS
-Bob Campbell, Edward Moy, Austin Shelton, Marshall T Rose, and cast of
-thousands at Rand, UDel, UCI, and elsewhere
diff --git a/appl/telnet/telnet/telnet.1 b/appl/telnet/telnet/telnet.1
deleted file mode 100644
index 2b3198ec11..0000000000
--- a/appl/telnet/telnet/telnet.1
+++ /dev/null
@@ -1,1369 +0,0 @@
-.\" Copyright (c) 1983, 1990, 1993
-.\" The Regents of the University of California. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\" must display the following acknowledgement:
-.\" This product includes software developed by the University of
-.\" California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" @(#)telnet.1 8.6 (Berkeley) 6/1/94
-.\"
-.Dd June 1, 1994
-.Dt TELNET 1
-.Os BSD 4.2
-.Sh NAME
-.Nm telnet
-.Nd user interface to the
-.Tn TELNET
-protocol
-.Sh SYNOPSIS
-.Nm telnet
-.Op Fl 78EFKLacdfrx
-.Op Fl S Ar tos
-.Op Fl X Ar authtype
-.Op Fl e Ar escapechar
-.Op Fl k Ar realm
-.Op Fl l Ar user
-.Op Fl n Ar tracefile
-.Oo
-.Ar host
-.Op port
-.Oc
-.Sh DESCRIPTION
-The
-.Nm telnet
-command
-is used to communicate with another host using the
-.Tn TELNET
-protocol.
-If
-.Nm telnet
-is invoked without the
-.Ar host
-argument, it enters command mode,
-indicated by its prompt
-.Pq Nm telnet\&> .
-In this mode, it accepts and executes the commands listed below.
-If it is invoked with arguments, it performs an
-.Ic open
-command with those arguments.
-.Pp
-Options:
-.Bl -tag -width indent
-.It Fl 8
-Specifies an 8-bit data path. This causes an attempt to
-negotiate the
-.Dv TELNET BINARY
-option on both input and output.
-.It Fl 7
-Do not try to negotiate
-.Dv TELNET BINARY
-option.
-.It Fl E
-Stops any character from being recognized as an escape character.
-.It Fl F
-If Kerberos V5 authentication is being used, the
-.Fl F
-option allows the local credentials to be forwarded
-to the remote system, including any credentials that
-have already been forwarded into the local environment.
-.It Fl K
-Specifies no automatic login to the remote system.
-.It Fl L
-Specifies an 8-bit data path on output. This causes the
-BINARY option to be negotiated on output.
-.It Fl S Ar tos
-Sets the IP type-of-service (TOS) option for the telnet
-connection to the value
-.Ar tos,
-which can be a numeric TOS value
-or, on systems that support it, a symbolic
-TOS name found in the /etc/iptos file.
-.It Fl X Ar atype
-Disables the
-.Ar atype
-type of authentication.
-.It Fl a
-Attempt automatic login.
-Currently, this sends the user name via the
-.Ev USER
-variable
-of the
-.Ev ENVIRON
-option if supported by the remote system.
-The name used is that of the current user as returned by
-.Xr getlogin 2
-if it agrees with the current user ID,
-otherwise it is the name associated with the user ID.
-.It Fl c
-Disables the reading of the user's
-.Pa \&.telnetrc
-file. (See the
-.Ic toggle skiprc
-command on this man page.)
-.It Fl d
-Sets the initial value of the
-.Ic debug
-toggle to
-.Dv TRUE
-.It Fl e Ar escape char
-Sets the initial
-.Nm
-.Nm telnet
-escape character to
-.Ar escape char.
-If
-.Ar escape char
-is omitted, then
-there will be no escape character.
-.It Fl f
-If Kerberos V5 authentication is being used, the
-.Fl f
-option allows the local credentials to be forwarded to the remote system.
-.ne 1i
-.It Fl k Ar realm
-If Kerberos authentication is being used, the
-.Fl k
-option requests that telnet obtain tickets for the remote host in
-realm realm instead of the remote host's realm, as determined
-by
-.Xr krb_realmofhost 3 .
-.It Fl l Ar user
-When connecting to the remote system, if the remote system
-understands the
-.Ev ENVIRON
-option, then
-.Ar user
-will be sent to the remote system as the value for the variable USER.
-This option implies the
-.Fl a
-option.
-This option may also be used with the
-.Ic open
-command.
-.It Fl n Ar tracefile
-Opens
-.Ar tracefile
-for recording trace information.
-See the
-.Ic set tracefile
-command below.
-.It Fl r
-Specifies a user interface similar to
-.Xr rlogin 1 .
-In this
-mode, the escape character is set to the tilde (~) character,
-unless modified by the -e option.
-.It Fl x
-Turns on encryption of the data stream if possible. This is
-currently the default and when it fails a warning is issued.
-.It Ar host
-Indicates the official name, an alias, or the Internet address
-of a remote host.
-.It Ar port
-Indicates a port number (address of an application). If a number is
-not specified, the default
-.Nm telnet
-port is used.
-.El
-.Pp
-When in rlogin mode, a line of the form ~. disconnects from the
-remote host; ~ is the telnet escape character.
-Similarly, the line ~^Z suspends the telnet session.
-The line ~^] escapes to the normal telnet escape prompt.
-.Pp
-Once a connection has been opened,
-.Nm telnet
-will attempt to enable the
-.Dv TELNET LINEMODE
-option.
-If this fails, then
-.Nm telnet
-will revert to one of two input modes:
-either \*(Lqcharacter at a time\*(Rq
-or \*(Lqold line by line\*(Rq
-depending on what the remote system supports.
-.Pp
-When
-.Dv LINEMODE
-is enabled, character processing is done on the
-local system, under the control of the remote system. When input
-editing or character echoing is to be disabled, the remote system
-will relay that information. The remote system will also relay
-changes to any special characters that happen on the remote
-system, so that they can take effect on the local system.
-.Pp
-In \*(Lqcharacter at a time\*(Rq mode, most
-text typed is immediately sent to the remote host for processing.
-.Pp
-In \*(Lqold line by line\*(Rq mode, all text is echoed locally,
-and (normally) only completed lines are sent to the remote host.
-The \*(Lqlocal echo character\*(Rq (initially \*(Lq^E\*(Rq) may be used
-to turn off and on the local echo
-(this would mostly be used to enter passwords
-without the password being echoed).
-.Pp
-If the
-.Dv LINEMODE
-option is enabled, or if the
-.Ic localchars
-toggle is
-.Dv TRUE
-(the default for \*(Lqold line by line\*(Lq; see below),
-the user's
-.Ic quit ,
-.Ic intr ,
-and
-.Ic flush
-characters are trapped locally, and sent as
-.Tn TELNET
-protocol sequences to the remote side.
-If
-.Dv LINEMODE
-has ever been enabled, then the user's
-.Ic susp
-and
-.Ic eof
-are also sent as
-.Tn TELNET
-protocol sequences,
-and
-.Ic quit
-is sent as a
-.Dv TELNET ABORT
-instead of
-.Dv BREAK
-There are options (see
-.Ic toggle
-.Ic autoflush
-and
-.Ic toggle
-.Ic autosynch
-below)
-which cause this action to flush subsequent output to the terminal
-(until the remote host acknowledges the
-.Tn TELNET
-sequence) and flush previous terminal input
-(in the case of
-.Ic quit
-and
-.Ic intr ) .
-.Pp
-While connected to a remote host,
-.Nm telnet
-command mode may be entered by typing the
-.Nm telnet
-\*(Lqescape character\*(Rq (initially \*(Lq^]\*(Rq).
-When in command mode, the normal terminal editing conventions are available.
-.Pp
-The following
-.Nm telnet
-commands are available.
-Only enough of each command to uniquely identify it need be typed
-(this is also true for arguments to the
-.Ic mode ,
-.Ic set ,
-.Ic toggle ,
-.Ic unset ,
-.Ic slc ,
-.Ic environ ,
-and
-.Ic display
-commands).
-.Pp
-.Bl -tag -width "mode type"
-.It Ic auth Ar argument ...
-The auth command manipulates the information sent through the
-.Dv TELNET AUTHENTICATE
-option. Valid arguments for the
-auth command are as follows:
-.Bl -tag -width "disable type"
-.It Ic disable Ar type
-Disables the specified type of authentication. To
-obtain a list of available types, use the
-.Ic auth disable \&?
-command.
-.It Ic enable Ar type
-Enables the specified type of authentication. To
-obtain a list of available types, use the
-.Ic auth enable \&?
-command.
-.It Ic status
-Lists the current status of the various types of
-authentication.
-.El
-.It Ic close
-Close a
-.Tn TELNET
-session and return to command mode.
-.It Ic display Ar argument ...
-Displays all, or some, of the
-.Ic set
-and
-.Ic toggle
-values (see below).
-.It Ic encrypt Ar argument ...
-The encrypt command manipulates the information sent through the
-.Dv TELNET ENCRYPT
-option.
-.Pp
-Note: Because of export controls, the
-.Dv TELNET ENCRYPT
-option is not supported outside of the United States and Canada.
-.Pp
-Valid arguments for the encrypt command are as follows:
-.Bl -tag -width Ar
-.It Ic disable Ar type Ic [input|output]
-Disables the specified type of encryption. If you
-omit the input and output, both input and output
-are disabled. To obtain a list of available
-types, use the
-.Ic encrypt disable \&?
-command.
-.It Ic enable Ar type Ic [input|output]
-Enables the specified type of encryption. If you
-omit input and output, both input and output are
-enabled. To obtain a list of available types, use the
-.Ic encrypt enable \&?
-command.
-.It Ic input
-This is the same as the
-.Ic encrypt start input
-command.
-.It Ic -input
-This is the same as the
-.Ic encrypt stop input
-command.
-.It Ic output
-This is the same as the
-.Ic encrypt start output
-command.
-.It Ic -output
-This is the same as the
-.Ic encrypt stop output
-command.
-.It Ic start Ic [input|output]
-Attempts to start encryption. If you omit
-.Ic input
-and
-.Ic output,
-both input and output are enabled. To
-obtain a list of available types, use the
-.Ic encrypt enable \&?
-command.
-.It Ic status
-Lists the current status of encryption.
-.It Ic stop Ic [input|output]
-Stops encryption. If you omit input and output,
-encryption is on both input and output.
-.It Ic type Ar type
-Sets the default type of encryption to be used
-with later
-.Ic encrypt start
-or
-.Ic encrypt stop
-commands.
-.El
-.It Ic environ Ar arguments...
-The
-.Ic environ
-command is used to manipulate the
-the variables that my be sent through the
-.Dv TELNET ENVIRON
-option.
-The initial set of variables is taken from the users
-environment, with only the
-.Ev DISPLAY
-and
-.Ev PRINTER
-variables being exported by default.
-The
-.Ev USER
-variable is also exported if the
-.Fl a
-or
-.Fl l
-options are used.
-.br
-Valid arguments for the
-.Ic environ
-command are:
-.Bl -tag -width Fl
-.It Ic define Ar variable value
-Define the variable
-.Ar variable
-to have a value of
-.Ar value.
-Any variables defined by this command are automatically exported.
-The
-.Ar value
-may be enclosed in single or double quotes so
-that tabs and spaces may be included.
-.It Ic undefine Ar variable
-Remove
-.Ar variable
-from the list of environment variables.
-.It Ic export Ar variable
-Mark the variable
-.Ar variable
-to be exported to the remote side.
-.It Ic unexport Ar variable
-Mark the variable
-.Ar variable
-to not be exported unless
-explicitly asked for by the remote side.
-.It Ic list
-List the current set of environment variables.
-Those marked with a
-.Cm *
-will be sent automatically,
-other variables will only be sent if explicitly requested.
-.It Ic \&?
-Prints out help information for the
-.Ic environ
-command.
-.El
-.It Ic logout
-Sends the
-.Dv TELNET LOGOUT
-option to the remote side.
-This command is similar to a
-.Ic close
-command; however, if the remote side does not support the
-.Dv LOGOUT
-option, nothing happens.
-If, however, the remote side does support the
-.Dv LOGOUT
-option, this command should cause the remote side to close the
-.Tn TELNET
-connection.
-If the remote side also supports the concept of
-suspending a user's session for later reattachment,
-the logout argument indicates that you
-should terminate the session immediately.
-.It Ic mode Ar type
-.Ar Type
-is one of several options, depending on the state of the
-.Tn TELNET
-session.
-The remote host is asked for permission to go into the requested mode.
-If the remote host is capable of entering that mode, the requested
-mode will be entered.
-.Bl -tag -width Ar
-.It Ic character
-Disable the
-.Dv TELNET LINEMODE
-option, or, if the remote side does not understand the
-.Dv LINEMODE
-option, then enter \*(Lqcharacter at a time\*(Lq mode.
-.It Ic line
-Enable the
-.Dv TELNET LINEMODE
-option, or, if the remote side does not understand the
-.Dv LINEMODE
-option, then attempt to enter \*(Lqold-line-by-line\*(Lq mode.
-.It Ic isig Pq Ic \-isig
-Attempt to enable (disable) the
-.Dv TRAPSIG
-mode of the
-.Dv LINEMODE
-option.
-This requires that the
-.Dv LINEMODE
-option be enabled.
-.It Ic edit Pq Ic \-edit
-Attempt to enable (disable) the
-.Dv EDIT
-mode of the
-.Dv LINEMODE
-option.
-This requires that the
-.Dv LINEMODE
-option be enabled.
-.It Ic softtabs Pq Ic \-softtabs
-Attempt to enable (disable) the
-.Dv SOFT_TAB
-mode of the
-.Dv LINEMODE
-option.
-This requires that the
-.Dv LINEMODE
-option be enabled.
-.ne 1i
-.It Ic litecho Pq Ic \-litecho
-Attempt to enable (disable) the
-.Dv LIT_ECHO
-mode of the
-.Dv LINEMODE
-option.
-This requires that the
-.Dv LINEMODE
-option be enabled.
-.It Ic \&?
-Prints out help information for the
-.Ic mode
-command.
-.El
-.It Xo
-.Ic open Ar host
-.Oo Op Fl l
-.Ar user
-.Oc Ns Oo Fl
-.Ar port Oc
-.Xc
-Open a connection to the named host.
-If no port number
-is specified,
-.Nm telnet
-will attempt to contact a
-.Tn TELNET
-server at the default port.
-The host specification may be either a host name (see
-.Xr hosts 5 )
-or an Internet address specified in the \*(Lqdot notation\*(Rq (see
-.Xr inet 3 ) .
-The
-.Op Fl l
-option may be used to specify the user name
-to be passed to the remote system via the
-.Ev ENVIRON
-option.
-When connecting to a non-standard port,
-.Nm telnet
-omits any automatic initiation of
-.Tn TELNET
-options. When the port number is preceded by a minus sign,
-the initial option negotiation is done.
-After establishing a connection, the file
-.Pa \&.telnetrc
-in the
-users home directory is opened. Lines beginning with a # are
-comment lines. Blank lines are ignored. Lines that begin
-without white space are the start of a machine entry. The
-first thing on the line is the name of the machine that is
-being connected to. The rest of the line, and successive
-lines that begin with white space are assumed to be
-.Nm telnet
-commands and are processed as if they had been typed
-in manually to the
-.Nm telnet
-command prompt.
-.It Ic quit
-Close any open
-.Tn TELNET
-session and exit
-.Nm telnet .
-An end of file (in command mode) will also close a session and exit.
-.It Ic send Ar arguments
-Sends one or more special character sequences to the remote host.
-The following are the arguments which may be specified
-(more than one argument may be specified at a time):
-.Pp
-.Bl -tag -width escape
-.It Ic abort
-Sends the
-.Dv TELNET ABORT
-(Abort
-processes)
-sequence.
-.It Ic ao
-Sends the
-.Dv TELNET AO
-(Abort Output) sequence, which should cause the remote system to flush
-all output
-.Em from
-the remote system
-.Em to
-the user's terminal.
-.It Ic ayt
-Sends the
-.Dv TELNET AYT
-(Are You There)
-sequence, to which the remote system may or may not choose to respond.
-.It Ic brk
-Sends the
-.Dv TELNET BRK
-(Break) sequence, which may have significance to the remote
-system.
-.It Ic ec
-Sends the
-.Dv TELNET EC
-(Erase Character)
-sequence, which should cause the remote system to erase the last character
-entered.
-.It Ic el
-Sends the
-.Dv TELNET EL
-(Erase Line)
-sequence, which should cause the remote system to erase the line currently
-being entered.
-.It Ic eof
-Sends the
-.Dv TELNET EOF
-(End Of File)
-sequence.
-.It Ic eor
-Sends the
-.Dv TELNET EOR
-(End of Record)
-sequence.
-.It Ic escape
-Sends the current
-.Nm telnet
-escape character (initially \*(Lq^\*(Rq).
-.It Ic ga
-Sends the
-.Dv TELNET GA
-(Go Ahead)
-sequence, which likely has no significance to the remote system.
-.It Ic getstatus
-If the remote side supports the
-.Dv TELNET STATUS
-command,
-.Ic getstatus
-will send the subnegotiation to request that the server send
-its current option status.
-.ne 1i
-.It Ic ip
-Sends the
-.Dv TELNET IP
-(Interrupt Process) sequence, which should cause the remote
-system to abort the currently running process.
-.It Ic nop
-Sends the
-.Dv TELNET NOP
-(No OPeration)
-sequence.
-.It Ic susp
-Sends the
-.Dv TELNET SUSP
-(SUSPend process)
-sequence.
-.It Ic synch
-Sends the
-.Dv TELNET SYNCH
-sequence.
-This sequence causes the remote system to discard all previously typed
-(but not yet read) input.
-This sequence is sent as
-.Tn TCP
-urgent
-data (and may not work if the remote system is a
-.Bx 4.2
-system -- if
-it doesn't work, a lower case \*(Lqr\*(Rq may be echoed on the terminal).
-.It Ic do Ar cmd
-.It Ic dont Ar cmd
-.It Ic will Ar cmd
-.It Ic wont Ar cmd
-Sends the
-.Dv TELNET DO
-.Ar cmd
-sequence.
-.Ar Cmd
-can be either a decimal number between 0 and 255,
-or a symbolic name for a specific
-.Dv TELNET
-command.
-.Ar Cmd
-can also be either
-.Ic help
-or
-.Ic \&?
-to print out help information, including
-a list of known symbolic names.
-.It Ic \&?
-Prints out help information for the
-.Ic send
-command.
-.El
-.It Ic set Ar argument value
-.It Ic unset Ar argument value
-The
-.Ic set
-command will set any one of a number of
-.Nm telnet
-variables to a specific value or to
-.Dv TRUE .
-The special value
-.Ic off
-turns off the function associated with
-the variable, this is equivalent to using the
-.Ic unset
-command.
-The
-.Ic unset
-command will disable or set to
-.Dv FALSE
-any of the specified functions.
-The values of variables may be interrogated with the
-.Ic display
-command.
-The variables which may be set or unset, but not toggled, are
-listed here. In addition, any of the variables for the
-.Ic toggle
-command may be explicitly set or unset using
-the
-.Ic set
-and
-.Ic unset
-commands.
-.Bl -tag -width escape
-.It Ic ayt
-If
-.Tn TELNET
-is in localchars mode, or
-.Dv LINEMODE
-is enabled, and the status character is typed, a
-.Dv TELNET AYT
-sequence (see
-.Ic send ayt
-preceding) is sent to the
-remote host. The initial value for the "Are You There"
-character is the terminal's status character.
-.It Ic echo
-This is the value (initially \*(Lq^E\*(Rq) which, when in
-\*(Lqline by line\*(Rq mode, toggles between doing local echoing
-of entered characters (for normal processing), and suppressing
-echoing of entered characters (for entering, say, a password).
-.It Ic eof
-If
-.Nm telnet
-is operating in
-.Dv LINEMODE
-or \*(Lqold line by line\*(Rq mode, entering this character
-as the first character on a line will cause this character to be
-sent to the remote system.
-The initial value of the eof character is taken to be the terminal's
-.Ic eof
-character.
-.It Ic erase
-If
-.Nm telnet
-is in
-.Ic localchars
-mode (see
-.Ic toggle
-.Ic localchars
-below),
-.Sy and
-if
-.Nm telnet
-is operating in \*(Lqcharacter at a time\*(Rq mode, then when this
-character is typed, a
-.Dv TELNET EC
-sequence (see
-.Ic send
-.Ic ec
-above)
-is sent to the remote system.
-The initial value for the erase character is taken to be
-the terminal's
-.Ic erase
-character.
-.It Ic escape
-This is the
-.Nm telnet
-escape character (initially \*(Lq^[\*(Rq) which causes entry
-into
-.Nm telnet
-command mode (when connected to a remote system).
-.It Ic flushoutput
-If
-.Nm telnet
-is in
-.Ic localchars
-mode (see
-.Ic toggle
-.Ic localchars
-below)
-and the
-.Ic flushoutput
-character is typed, a
-.Dv TELNET AO
-sequence (see
-.Ic send
-.Ic ao
-above)
-is sent to the remote host.
-The initial value for the flush character is taken to be
-the terminal's
-.Ic flush
-character.
-.It Ic forw1
-.It Ic forw2
-If
-.Tn TELNET
-is operating in
-.Dv LINEMODE ,
-these are the
-characters that, when typed, cause partial lines to be
-forwarded to the remote system. The initial value for
-the forwarding characters are taken from the terminal's
-eol and eol2 characters.
-.It Ic interrupt
-If
-.Nm telnet
-is in
-.Ic localchars
-mode (see
-.Ic toggle
-.Ic localchars
-below)
-and the
-.Ic interrupt
-character is typed, a
-.Dv TELNET IP
-sequence (see
-.Ic send
-.Ic ip
-above)
-is sent to the remote host.
-The initial value for the interrupt character is taken to be
-the terminal's
-.Ic intr
-character.
-.It Ic kill
-If
-.Nm telnet
-is in
-.Ic localchars
-mode (see
-.Ic toggle
-.Ic localchars
-below),
-.Ic and
-if
-.Nm telnet
-is operating in \*(Lqcharacter at a time\*(Rq mode, then when this
-character is typed, a
-.Dv TELNET EL
-sequence (see
-.Ic send
-.Ic el
-above)
-is sent to the remote system.
-The initial value for the kill character is taken to be
-the terminal's
-.Ic kill
-character.
-.It Ic lnext
-If
-.Nm telnet
-is operating in
-.Dv LINEMODE
-or \*(Lqold line by line\*(Lq mode, then this character is taken to
-be the terminal's
-.Ic lnext
-character.
-The initial value for the lnext character is taken to be
-the terminal's
-.Ic lnext
-character.
-.It Ic quit
-If
-.Nm telnet
-is in
-.Ic localchars
-mode (see
-.Ic toggle
-.Ic localchars
-below)
-and the
-.Ic quit
-character is typed, a
-.Dv TELNET BRK
-sequence (see
-.Ic send
-.Ic brk
-above)
-is sent to the remote host.
-The initial value for the quit character is taken to be
-the terminal's
-.Ic quit
-character.
-.It Ic reprint
-If
-.Nm telnet
-is operating in
-.Dv LINEMODE
-or \*(Lqold line by line\*(Lq mode, then this character is taken to
-be the terminal's
-.Ic reprint
-character.
-The initial value for the reprint character is taken to be
-the terminal's
-.Ic reprint
-character.
-.It Ic rlogin
-This is the rlogin escape character.
-If set, the normal
-.Tn TELNET
-escape character is ignored unless it is
-preceded by this character at the beginning of a line.
-This character, at the beginning of a line followed by
-a "." closes the connection; when followed by a ^Z it
-suspends the telnet command. The initial state is to
-disable the rlogin escape character.
-.It Ic start
-If the
-.Dv TELNET TOGGLE-FLOW-CONTROL
-option has been enabled,
-then this character is taken to
-be the terminal's
-.Ic start
-character.
-The initial value for the kill character is taken to be
-the terminal's
-.Ic start
-character.
-.It Ic stop
-If the
-.Dv TELNET TOGGLE-FLOW-CONTROL
-option has been enabled,
-then this character is taken to
-be the terminal's
-.Ic stop
-character.
-The initial value for the kill character is taken to be
-the terminal's
-.Ic stop
-character.
-.It Ic susp
-If
-.Nm telnet
-is in
-.Ic localchars
-mode, or
-.Dv LINEMODE
-is enabled, and the
-.Ic suspend
-character is typed, a
-.Dv TELNET SUSP
-sequence (see
-.Ic send
-.Ic susp
-above)
-is sent to the remote host.
-The initial value for the suspend character is taken to be
-the terminal's
-.Ic suspend
-character.
-.ne 1i
-.It Ic tracefile
-This is the file to which the output, caused by
-.Ic netdata
-or
-.Ic option
-tracing being
-.Dv TRUE ,
-will be written. If it is set to
-.Dq Fl ,
-then tracing information will be written to standard output (the default).
-.It Ic worderase
-If
-.Nm telnet
-is operating in
-.Dv LINEMODE
-or \*(Lqold line by line\*(Lq mode, then this character is taken to
-be the terminal's
-.Ic worderase
-character.
-The initial value for the worderase character is taken to be
-the terminal's
-.Ic worderase
-character.
-.It Ic \&?
-Displays the legal
-.Ic set
-.Pq Ic unset
-commands.
-.El
-.It Ic slc Ar state
-The
-.Ic slc
-command (Set Local Characters) is used to set
-or change the state of the the special
-characters when the
-.Dv TELNET LINEMODE
-option has
-been enabled. Special characters are characters that get
-mapped to
-.Tn TELNET
-commands sequences (like
-.Ic ip
-or
-.Ic quit )
-or line editing characters (like
-.Ic erase
-and
-.Ic kill ) .
-By default, the local special characters are exported.
-.Bl -tag -width Fl
-.It Ic check
-Verify the current settings for the current special characters.
-The remote side is requested to send all the current special
-character settings, and if there are any discrepancies with
-the local side, the local side will switch to the remote value.
-.It Ic export
-Switch to the local defaults for the special characters. The
-local default characters are those of the local terminal at
-the time when
-.Nm telnet
-was started.
-.It Ic import
-Switch to the remote defaults for the special characters.
-The remote default characters are those of the remote system
-at the time when the
-.Tn TELNET
-connection was established.
-.It Ic \&?
-Prints out help information for the
-.Ic slc
-command.
-.El
-.It Ic status
-Show the current status of
-.Nm telnet .
-This includes the peer one is connected to, as well
-as the current mode.
-.It Ic toggle Ar arguments ...
-Toggle (between
-.Dv TRUE
-and
-.Dv FALSE )
-various flags that control how
-.Nm telnet
-responds to events.
-These flags may be set explicitly to
-.Dv TRUE
-or
-.Dv FALSE
-using the
-.Ic set
-and
-.Ic unset
-commands listed above.
-More than one argument may be specified.
-The state of these flags may be interrogated with the
-.Ic display
-command.
-Valid arguments are:
-.Bl -tag -width Ar
-.It Ic authdebug
-Turns on debugging information for the authentication code.
-.It Ic autoflush
-If
-.Ic autoflush
-and
-.Ic localchars
-are both
-.Dv TRUE ,
-then when the
-.Ic ao ,
-or
-.Ic quit
-characters are recognized (and transformed into
-.Tn TELNET
-sequences; see
-.Ic set
-above for details),
-.Nm telnet
-refuses to display any data on the user's terminal
-until the remote system acknowledges (via a
-.Dv TELNET TIMING MARK
-option)
-that it has processed those
-.Tn TELNET
-sequences.
-The initial value for this toggle is
-.Dv TRUE
-if the terminal user had not
-done an "stty noflsh", otherwise
-.Dv FALSE
-(see
-.Xr stty 1 ) .
-.It Ic autodecrypt
-When the
-.Dv TELNET ENCRYPT
-option is negotiated, by
-default the actual encryption (decryption) of the data
-stream does not start automatically. The autoencrypt
-(autodecrypt) command states that encryption of the
-output (input) stream should be enabled as soon as
-possible.
-.sp
-.Pp
-Note: Because of export controls, the
-.Dv TELNET ENCRYPT
-option is not supported outside the United States and Canada.
-.It Ic autologin
-If the remote side supports the
-.Dv TELNET AUTHENTICATION
-option
-.Tn TELNET
-attempts to use it to perform automatic authentication. If the
-.Dv AUTHENTICATION
-option is not supported, the user's login
-name are propagated through the
-.Dv TELNET ENVIRON
-option.
-This command is the same as specifying
-.Ar a
-option on the
-.Ic open
-command.
-.It Ic autosynch
-If
-.Ic autosynch
-and
-.Ic localchars
-are both
-.Dv TRUE ,
-then when either the
-.Ic intr
-or
-.Ic quit
-characters is typed (see
-.Ic set
-above for descriptions of the
-.Ic intr
-and
-.Ic quit
-characters), the resulting
-.Tn TELNET
-sequence sent is followed by the
-.Dv TELNET SYNCH
-sequence.
-This procedure
-.Ic should
-cause the remote system to begin throwing away all previously
-typed input until both of the
-.Tn TELNET
-sequences have been read and acted upon.
-The initial value of this toggle is
-.Dv FALSE .
-.It Ic binary
-Enable or disable the
-.Dv TELNET BINARY
-option on both input and output.
-.It Ic inbinary
-Enable or disable the
-.Dv TELNET BINARY
-option on input.
-.It Ic outbinary
-Enable or disable the
-.Dv TELNET BINARY
-option on output.
-.It Ic crlf
-If this is
-.Dv TRUE ,
-then carriage returns will be sent as
-.Li <CR><LF> .
-If this is
-.Dv FALSE ,
-then carriage returns will be send as
-.Li <CR><NUL> .
-The initial value for this toggle is
-.Dv FALSE .
-.It Ic crmod
-Toggle carriage return mode.
-When this mode is enabled, most carriage return characters received from
-the remote host will be mapped into a carriage return followed by
-a line feed.
-This mode does not affect those characters typed by the user, only
-those received from the remote host.
-This mode is not very useful unless the remote host
-only sends carriage return, but never line feed.
-The initial value for this toggle is
-.Dv FALSE .
-.It Ic debug
-Toggles socket level debugging (useful only to the
-.Ic super user ) .
-The initial value for this toggle is
-.Dv FALSE .
-.It Ic encdebug
-Turns on debugging information for the encryption code.
-.It Ic localchars
-If this is
-.Dv TRUE ,
-then the
-.Ic flush ,
-.Ic interrupt ,
-.Ic quit ,
-.Ic erase ,
-and
-.Ic kill
-characters (see
-.Ic set
-above) are recognized locally, and transformed into (hopefully) appropriate
-.Tn TELNET
-control sequences
-(respectively
-.Ic ao ,
-.Ic ip ,
-.Ic brk ,
-.Ic ec ,
-and
-.Ic el ;
-see
-.Ic send
-above).
-The initial value for this toggle is
-.Dv TRUE
-in \*(Lqold line by line\*(Rq mode,
-and
-.Dv FALSE
-in \*(Lqcharacter at a time\*(Rq mode.
-When the
-.Dv LINEMODE
-option is enabled, the value of
-.Ic localchars
-is ignored, and assumed to always be
-.Dv TRUE .
-If
-.Dv LINEMODE
-has ever been enabled, then
-.Ic quit
-is sent as
-.Ic abort ,
-and
-.Ic eof and
-.B suspend
-are sent as
-.Ic eof and
-.Ic susp ,
-see
-.Ic send
-above).
-.It Ic netdata
-Toggles the display of all network data (in hexadecimal format).
-The initial value for this toggle is
-.Dv FALSE .
-.It Ic options
-Toggles the display of some internal
-.Nm telnet
-protocol processing (having to do with
-.Tn TELNET
-options).
-The initial value for this toggle is
-.Dv FALSE .
-.ne 1i
-.It Ic prettydump
-When the
-.Ic netdata
-toggle is enabled, if
-.Ic prettydump
-is enabled the output from the
-.Ic netdata
-command will be formatted in a more user readable format.
-Spaces are put between each character in the output, and the
-beginning of any
-.Tn TELNET
-escape sequence is preceded by a '*' to aid in locating them.
-.It Ic skiprc
-When the skiprc toggle is
-.Dv TRUE ,
-.Tn TELNET
-skips the reading of the
-.Pa \&.telnetrc
-file in the users home
-directory when connections are opened. The initial
-value for this toggle is
-.Dv FALSE.
-.It Ic termdata
-Toggles the display of all terminal data (in hexadecimal format).
-The initial value for this toggle is
-.Dv FALSE .
-.It Ic verbose_encrypt
-When the
-.Ic verbose_encrypt
-toggle is
-.Dv TRUE ,
-.Tn TELNET
-prints out a message each time encryption is enabled or
-disabled. The initial value for this toggle is
-.Dv FALSE.
-Note: Because of export controls, data encryption
-is not supported outside of the United States and Canada.
-.It Ic \&?
-Displays the legal
-.Ic toggle
-commands.
-.El
-.It Ic z
-Suspend
-.Nm telnet .
-This command only works when the user is using the
-.Xr csh 1 .
-.It Ic \&! Op Ar command
-Execute a single command in a subshell on the local
-system. If
-.Ic command
-is omitted, then an interactive
-subshell is invoked.
-.It Ic \&? Op Ar command
-Get help. With no arguments,
-.Nm telnet
-prints a help summary.
-If a command is specified,
-.Nm telnet
-will print the help information for just that command.
-.El
-.Sh ENVIRONMENT
-.Nm Telnet
-uses at least the
-.Ev HOME ,
-.Ev SHELL ,
-.Ev DISPLAY ,
-and
-.Ev TERM
-environment variables.
-Other environment variables may be propagated
-to the other side via the
-.Dv TELNET ENVIRON
-option.
-.Sh FILES
-.Bl -tag -width ~/.telnetrc -compact
-.It Pa ~/.telnetrc
-user customized telnet startup values
-.El
-.Sh HISTORY
-The
-.Nm Telnet
-command appeared in
-.Bx 4.2 .
-.Sh NOTES
-.Pp
-On some remote systems, echo has to be turned off manually when in
-\*(Lqold line by line\*(Rq mode.
-.Pp
-In \*(Lqold line by line\*(Rq mode or
-.Dv LINEMODE
-the terminal's
-.Ic eof
-character is only recognized (and sent to the remote system)
-when it is the first character on a line.
diff --git a/appl/telnet/telnetd/telnetd.8 b/appl/telnet/telnetd/telnetd.8
deleted file mode 100644
index b26d8ddf16..0000000000
--- a/appl/telnet/telnetd/telnetd.8
+++ /dev/null
@@ -1,527 +0,0 @@
-.\" Copyright (c) 1983, 1993
-.\" The Regents of the University of California. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\" must display the following acknowledgement:
-.\" This product includes software developed by the University of
-.\" California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" @(#)telnetd.8 8.4 (Berkeley) 6/1/94
-.\"
-.Dd June 1, 1994
-.Dt TELNETD 8
-.Os BSD 4.2
-.Sh NAME
-.Nm telnetd
-.Nd DARPA
-.Tn TELNET
-protocol server
-.Sh SYNOPSIS
-.Nm telnetd
-.Op Fl BUhkln
-.Op Fl D Ar debugmode
-.Op Fl S Ar tos
-.Op Fl X Ar authtype
-.Op Fl a Ar authmode
-.Op Fl r Ns Ar lowpty-highpty
-.Op Fl u Ar len
-.Op Fl debug
-.Op Fl L Ar /bin/login
-.Op Ar port
-.Sh DESCRIPTION
-The
-.Nm telnetd
-command is a server which supports the
-.Tn DARPA
-standard
-.Tn TELNET
-virtual terminal protocol.
-.Nm Telnetd
-is normally invoked by the internet server (see
-.Xr inetd 8 )
-for requests to connect to the
-.Tn TELNET
-port as indicated by the
-.Pa /etc/services
-file (see
-.Xr services 5 ) .
-The
-.Fl debug
-option may be used to start up
-.Nm telnetd
-manually, instead of through
-.Xr inetd 8 .
-If started up this way,
-.Ar port
-may be specified to run
-.Nm telnetd
-on an alternate
-.Tn TCP
-port number.
-.Pp
-The
-.Nm telnetd
-command accepts the following options:
-.Bl -tag -width "-a authmode"
-.It Fl a Ar authmode
-This option may be used for specifying what mode should
-be used for authentication.
-Note that this option is only useful if
-.Nm telnetd
-has been compiled with support for the
-.Dv AUTHENTICATION
-option.
-There are several valid values for
-.Ar authmode:
-.Bl -tag -width debug
-.It debug
-Turns on authentication debugging code.
-.It user
-Only allow connections when the remote user
-can provide valid authentication information
-to identify the remote user,
-and is allowed access to the specified account
-without providing a password.
-.It valid
-Only allow connections when the remote user
-can provide valid authentication information
-to identify the remote user.
-The
-.Xr login 1
-command will provide any additional user verification
-needed if the remote user is not allowed automatic
-access to the specified account.
-.It other
-Only allow connections that supply some authentication information.
-This option is currently not supported
-by any of the existing authentication mechanisms,
-and is thus the same as specifying
-.Fl a
-.Cm valid .
-.It otp
-Only allow authenticated connections (as with
-.Fl a
-.Cm user )
-and also logins with one-time passwords (OTPs). This option will call
-login with an option so that only OTPs are accepted. The user can of
-course still type secret information at the prompt.
-.It none
-This is the default state.
-Authentication information is not required.
-If no or insufficient authentication information
-is provided, then the
-.Xr login 1
-program will provide the necessary user
-verification.
-.It off
-This disables the authentication code.
-All user verification will happen through the
-.Xr login 1
-program.
-.El
-.It Fl B
-Ignored.
-.It Fl D Ar debugmode
-This option may be used for debugging purposes.
-This allows
-.Nm telnetd
-to print out debugging information
-to the connection, allowing the user to see what
-.Nm telnetd
-is doing.
-There are several possible values for
-.Ar debugmode:
-.Bl -tag -width exercise
-.It Cm options
-Prints information about the negotiation of
-.Tn TELNET
-options.
-.It Cm report
-Prints the
-.Cm options
-information, plus some additional information
-about what processing is going on.
-.It Cm netdata
-Displays the data stream received by
-.Nm telnetd.
-.It Cm ptydata
-Displays data written to the pty.
-.It Cm exercise
-Has not been implemented yet.
-.El
-.It Fl h
-Disables the printing of host-specific information before
-login has been completed.
-.It Fl k
-.It Fl l
-Ignored.
-.It Fl n
-Disable
-.Dv TCP
-keep-alives. Normally
-.Nm telnetd
-enables the
-.Tn TCP
-keep-alive mechanism to probe connections that
-have been idle for some period of time to determine
-if the client is still there, so that idle connections
-from machines that have crashed or can no longer
-be reached may be cleaned up.
-.It Fl r Ar lowpty-highpty
-This option is only enabled when
-.Nm telnetd
-is compiled for
-.Dv UNICOS.
-It specifies an inclusive range of pseudo-terminal devices to
-use. If the system has sysconf variable
-.Dv _SC_CRAY_NPTY
-configured, the default pty search range is 0 to
-.Dv _SC_CRAY_NPTY;
-otherwise, the default range is 0 to 128. Either
-.Ar lowpty
-or
-.Ar highpty
-may be omitted to allow changing
-either end of the search range. If
-.Ar lowpty
-is omitted, the - character is still required so that
-.Nm telnetd
-can differentiate
-.Ar highpty
-from
-.Ar lowpty .
-.It Fl S Ar tos
-.It Fl u Ar len
-This option is used to specify the size of the field
-in the
-.Dv utmp
-structure that holds the remote host name.
-If the resolved host name is longer than
-.Ar len ,
-the dotted decimal value will be used instead.
-This allows hosts with very long host names that
-overflow this field to still be uniquely identified.
-Specifying
-.Fl u0
-indicates that only dotted decimal addresses
-should be put into the
-.Pa utmp
-file.
-.ne 1i
-.It Fl U
-This option causes
-.Nm telnetd
-to refuse connections from addresses that
-cannot be mapped back into a symbolic name
-via the
-.Xr gethostbyaddr 3
-routine.
-.It Fl X Ar authtype
-This option is only valid if
-.Nm telnetd
-has been built with support for the authentication option.
-It disables the use of
-.Ar authtype
-authentication, and
-can be used to temporarily disable
-a specific authentication type without having to recompile
-.Nm telnetd .
-.It Fl L pathname
-Specify pathname to an alternative login program.
-.El
-.Pp
-.Nm Telnetd
-operates by allocating a pseudo-terminal device (see
-.Xr pty 4 )
-for a client, then creating a login process which has
-the slave side of the pseudo-terminal as
-.Dv stdin ,
-.Dv stdout
-and
-.Dv stderr .
-.Nm Telnetd
-manipulates the master side of the pseudo-terminal,
-implementing the
-.Tn TELNET
-protocol and passing characters
-between the remote client and the login process.
-.Pp
-When a
-.Tn TELNET
-session is started up,
-.Nm telnetd
-sends
-.Tn TELNET
-options to the client side indicating
-a willingness to do the
-following
-.Tn TELNET
-options, which are described in more detail below:
-.Bd -literal -offset indent
-DO AUTHENTICATION
-WILL ENCRYPT
-DO TERMINAL TYPE
-DO TSPEED
-DO XDISPLOC
-DO NEW-ENVIRON
-DO ENVIRON
-WILL SUPPRESS GO AHEAD
-DO ECHO
-DO LINEMODE
-DO NAWS
-WILL STATUS
-DO LFLOW
-DO TIMING-MARK
-.Ed
-.Pp
-The pseudo-terminal allocated to the client is configured
-to operate in \*(lqcooked\*(rq mode, and with
-.Dv XTABS and
-.Dv CRMOD
-enabled (see
-.Xr tty 4 ) .
-.Pp
-.Nm Telnetd
-has support for enabling locally the following
-.Tn TELNET
-options:
-.Bl -tag -width "DO AUTHENTICATION"
-.It "WILL ECHO"
-When the
-.Dv LINEMODE
-option is enabled, a
-.Dv WILL ECHO
-or
-.Dv WONT ECHO
-will be sent to the client to indicate the
-current state of terminal echoing.
-When terminal echo is not desired, a
-.Dv WILL ECHO
-is sent to indicate that
-.Tn telnetd
-will take care of echoing any data that needs to be
-echoed to the terminal, and then nothing is echoed.
-When terminal echo is desired, a
-.Dv WONT ECHO
-is sent to indicate that
-.Tn telnetd
-will not be doing any terminal echoing, so the
-client should do any terminal echoing that is needed.
-.It "WILL BINARY"
-Indicates that the client is willing to send a
-8 bits of data, rather than the normal 7 bits
-of the Network Virtual Terminal.
-.It "WILL SGA"
-Indicates that it will not be sending
-.Dv IAC GA,
-go ahead, commands.
-.It "WILL STATUS"
-Indicates a willingness to send the client, upon
-request, of the current status of all
-.Tn TELNET
-options.
-.It "WILL TIMING-MARK"
-Whenever a
-.Dv DO TIMING-MARK
-command is received, it is always responded
-to with a
-.Dv WILL TIMING-MARK
-.ne 1i
-.It "WILL LOGOUT"
-When a
-.Dv DO LOGOUT
-is received, a
-.Dv WILL LOGOUT
-is sent in response, and the
-.Tn TELNET
-session is shut down.
-.It "WILL ENCRYPT"
-Only sent if
-.Nm telnetd
-is compiled with support for data encryption, and
-indicates a willingness to decrypt
-the data stream.
-.El
-.Pp
-.Nm Telnetd
-has support for enabling remotely the following
-.Tn TELNET
-options:
-.Bl -tag -width "DO AUTHENTICATION"
-.It "DO BINARY"
-Sent to indicate that
-.Tn telnetd
-is willing to receive an 8 bit data stream.
-.It "DO LFLOW"
-Requests that the client handle flow control
-characters remotely.
-.It "DO ECHO"
-This is not really supported, but is sent to identify a 4.2BSD
-.Xr telnet 1
-client, which will improperly respond with
-.Dv WILL ECHO.
-If a
-.Dv WILL ECHO
-is received, a
-.Dv DONT ECHO
-will be sent in response.
-.It "DO TERMINAL-TYPE"
-Indicates a desire to be able to request the
-name of the type of terminal that is attached
-to the client side of the connection.
-.It "DO SGA"
-Indicates that it does not need to receive
-.Dv IAC GA,
-the go ahead command.
-.It "DO NAWS"
-Requests that the client inform the server when
-the window (display) size changes.
-.It "DO TERMINAL-SPEED"
-Indicates a desire to be able to request information
-about the speed of the serial line to which
-the client is attached.
-.It "DO XDISPLOC"
-Indicates a desire to be able to request the name
-of the X windows display that is associated with
-the telnet client.
-.It "DO NEW-ENVIRON"
-Indicates a desire to be able to request environment
-variable information, as described in RFC 1572.
-.It "DO ENVIRON"
-Indicates a desire to be able to request environment
-variable information, as described in RFC 1408.
-.It "DO LINEMODE"
-Only sent if
-.Nm telnetd
-is compiled with support for linemode, and
-requests that the client do line by line processing.
-.It "DO TIMING-MARK"
-Only sent if
-.Nm telnetd
-is compiled with support for both linemode and
-kludge linemode, and the client responded with
-.Dv WONT LINEMODE.
-If the client responds with
-.Dv WILL TM,
-the it is assumed that the client supports
-kludge linemode.
-Note that the
-.Op Fl k
-option can be used to disable this.
-.It "DO AUTHENTICATION"
-Only sent if
-.Nm telnetd
-is compiled with support for authentication, and
-indicates a willingness to receive authentication
-information for automatic login.
-.It "DO ENCRYPT"
-Only sent if
-.Nm telnetd
-is compiled with support for data encryption, and
-indicates a willingness to decrypt
-the data stream.
-.Sh ENVIRONMENT
-.Sh FILES
-.Pa /etc/services
-.br
-.Pa /etc/inittab
-(UNICOS systems only)
-.br
-.Pa /etc/iptos
-(if supported)
-.br
-.Sh "SEE ALSO"
-.Xr telnet 1 ,
-.Xr login 1
-.Sh STANDARDS
-.Bl -tag -compact -width RFC-1572
-.It Cm RFC-854
-.Tn TELNET
-PROTOCOL SPECIFICATION
-.It Cm RFC-855
-TELNET OPTION SPECIFICATIONS
-.It Cm RFC-856
-TELNET BINARY TRANSMISSION
-.It Cm RFC-857
-TELNET ECHO OPTION
-.It Cm RFC-858
-TELNET SUPPRESS GO AHEAD OPTION
-.It Cm RFC-859
-TELNET STATUS OPTION
-.It Cm RFC-860
-TELNET TIMING MARK OPTION
-.It Cm RFC-861
-TELNET EXTENDED OPTIONS - LIST OPTION
-.It Cm RFC-885
-TELNET END OF RECORD OPTION
-.It Cm RFC-1073
-Telnet Window Size Option
-.It Cm RFC-1079
-Telnet Terminal Speed Option
-.It Cm RFC-1091
-Telnet Terminal-Type Option
-.It Cm RFC-1096
-Telnet X Display Location Option
-.It Cm RFC-1123
-Requirements for Internet Hosts -- Application and Support
-.It Cm RFC-1184
-Telnet Linemode Option
-.It Cm RFC-1372
-Telnet Remote Flow Control Option
-.It Cm RFC-1416
-Telnet Authentication Option
-.It Cm RFC-1411
-Telnet Authentication: Kerberos Version 4
-.It Cm RFC-1412
-Telnet Authentication: SPX
-.It Cm RFC-1571
-Telnet Environment Option Interoperability Issues
-.It Cm RFC-1572
-Telnet Environment Option
-.Sh BUGS
-Some
-.Tn TELNET
-commands are only partially implemented.
-.Pp
-Because of bugs in the original 4.2 BSD
-.Xr telnet 1 ,
-.Nm telnetd
-performs some dubious protocol exchanges to try to discover if the remote
-client is, in fact, a 4.2 BSD
-.Xr telnet 1 .
-.Pp
-Binary mode
-has no common interpretation except between similar operating systems
-(Unix in this case).
-.Pp
-The terminal type name received from the remote client is converted to
-lower case.
-.Pp
-.Nm Telnetd
-never sends
-.Tn TELNET
-.Dv IAC GA
-(go ahead) commands.
diff --git a/lib/des/des.1 b/lib/des/des.1
deleted file mode 100644
index 734119906b..0000000000
--- a/lib/des/des.1
+++ /dev/null
@@ -1,186 +0,0 @@
-.TH DES 1
-.SH NAME
-des - encrypt or decrypt data using Data Encryption Standard
-.SH SYNOPSIS
-.B des
-(
-.B \-e
-|
-.B \-E
-) | (
-.B \-d
-|
-.B \-D
-) | (
-.B \-\fR[\fPcC\fR][\fPckname\fR]\fP
-) |
-[
-.B \-b3hfs
-] [
-.B \-k
-.I key
-]
-] [
-.B \-u\fR[\fIuuname\fR]
-[
-.I input-file
-[
-.I output-file
-] ]
-.SH DESCRIPTION
-.B des
-encrypts and decrypts data using the
-Data Encryption Standard algorithm.
-One of
-.B \-e, \-E
-(for encrypt) or
-.B \-d, \-D
-(for decrypt) must be specified.
-It is also possible to use
-.B \-c
-or
-.B \-C
-in conjunction or instead of the a encrypt/decrypt option to generate
-a 16 character hexadecimal checksum, generated via the
-.I des_cbc_cksum.
-.LP
-Two standard encryption modes are supported by the
-.B des
-program, Cipher Block Chaining (the default) and Electronic Code Book
-(specified with
-.B \-b
-).
-.LP
-The key used for the DES
-algorithm is obtained by prompting the user unless the
-.B `\-k
-.I key'
-option is given.
-If the key is an argument to the
-.B des
-command, it is potentially visible to users executing
-.BR ps (1)
-or a derivative. To minimise this possibility,
-.B des
-takes care to destroy the key argument immediately upon entry.
-If your shell keeps a history file be careful to make sure it is not
-world readable.
-.LP
-Since this program attempts to maintain compatability with sunOS's
-des(1) command, there are 2 different methods used to convert the user
-supplied key to a des key.
-Whenever and one or more of
-.B \-E, \-D, \-C
-or
-.B \-3
-options are used, the key conversion procedure will not be compatible
-with the sunOS des(1) version but will use all the user supplied
-character to generate the des key.
-.B des
-command reads from standard input unless
-.I input-file
-is specified and writes to standard output unless
-.I output-file
-is given.
-.SH OPTIONS
-.TP
-.B \-b
-Select ECB
-(eight bytes at a time) encryption mode.
-.TP
-.B \-3
-Encrypt using triple encryption.
-By default triple cbc encryption is used but if the
-.B \-b
-option is used then triple ecb encryption is performed.
-If the key is less than 8 characters long, the flag has no effect.
-.TP
-.B \-e
-Encrypt data using an 8 byte key in a manner compatible with sunOS
-des(1).
-.TP
-.B \-E
-Encrypt data using a key of nearly unlimited length (1024 bytes).
-This will product a more secure encryption.
-.TP
-.B \-d
-Decrypt data that was encrypted with the \-e option.
-.TP
-.B \-D
-Decrypt data that was encrypted with the \-E option.
-.TP
-.B \-c
-Generate a 16 character hexadecimal cbc checksum and output this to
-stderr.
-If a filename was specified after the
-.B \-c
-option, the checksum is output to that file.
-The checksum is generated using a key generated in a sunOS compatible
-manner.
-.TP
-.B \-C
-A cbc checksum is generated in the same manner as described for the
-.B \-c
-option but the DES key is generated in the same manner as used for the
-.B \-E
-and
-.B \-D
-options
-.TP
-.B \-f
-Does nothing - allowed for compatibility with sunOS des(1) command.
-.TP
-.B \-s
-Does nothing - allowed for compatibility with sunOS des(1) command.
-.TP
-.B "\-k \fIkey\fP"
-Use the encryption
-.I key
-specified.
-.TP
-.B "\-h"
-The
-.I key
-is assumed to be a 16 character hexadecimal number.
-If the
-.B "\-3"
-option is used the key is assumed to be a 32 character hexadecimal
-number.
-.TP
-.B \-u
-This flag is used to read and write uuencoded files. If decrypting,
-the input file is assumed to contain uuencoded, DES encrypted data.
-If encrypting, the characters following the -u are used as the name of
-the uuencoded file to embed in the begin line of the uuencoded
-output. If there is no name specified after the -u, the name text.des
-will be embedded in the header.
-.SH SEE ALSO
-.B ps (1)
-.B des_crypt(3)
-.SH BUGS
-.LP
-The problem with using the
-.B -e
-option is the short key length.
-It would be better to use a real 56-bit key rather than an
-ASCII-based 56-bit pattern. Knowing that the key was derived from ASCII
-radically reduces the time necessary for a brute-force cryptographic attack.
-My attempt to remove this problem is to add an alternative text-key to
-DES-key function. This alternative function (accessed via
-.B -E, -D, -S
-and
-.B -3
-)
-uses DES to help generate the key.
-.LP
-Be carefully when using the -u option. Doing des -ud <filename> will
-not decrypt filename (the -u option will gobble the d option).
-.LP
-The VMS operating system operates in a world where files are always a
-multiple of 512 bytes. This causes problems when encrypted data is
-send from unix to VMS since a 88 byte file will suddenly be padded
-with 424 null bytes. To get around this problem, use the -u option
-to uuencode the data before it is send to the VMS system.
-.SH AUTHOR
-.LP
-Eric Young (eay@mincom.oz.au or eay@psych.psy.uq.oz.au)
diff --git a/lib/des/des_crypt.3 b/lib/des/des_crypt.3
deleted file mode 100644
index a381041a3e..0000000000
--- a/lib/des/des_crypt.3
+++ /dev/null
@@ -1,379 +0,0 @@
-.\" $Id$
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <mit-copyright.h>.
-.\"
-.TH DES_CRYPT 3 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-des_read_password, des_string_to_key, des_random_key, des_set_key,
-des_ecb_encrypt, des_cbc_encrypt, des_pcbc_encrypt, des_cbc_cksum,
-des_quad_cksum, \- (new) DES encryption
-.SH SYNOPSIS
-.nf
-.nj
-.ft B
-#include <des.h>
-.PP
-.ft B
-.B int des_read_password(key,prompt,verify)
-des_cblock *key;
-char *prompt;
-int verify;
-.PP
-.ft B
-int des_string_to_key(str,key)
-char *str;
-des_cblock key;
-.PP
-.ft B
-int des_random_key(key)
-des_cblock *key;
-.PP
-.ft B
-int des_set_key(key,schedule)
-des_cblock *key;
-des_key_schedule schedule;
-.PP
-.ft B
-int des_ecb_encrypt(input,output,schedule,encrypt)
-des_cblock *input;
-des_cblock *output;
-des_key_schedule schedule;
-int encrypt;
-.PP
-.ft B
-int des_cbc_encrypt(input,output,length,schedule,ivec,encrypt)
-des_cblock *input;
-des_cblock *output;
-long length;
-des_key_schedule schedule;
-des_cblock *ivec;
-int encrypt;
-.PP
-.ft B
-int des_pcbc_encrypt(input,output,length,schedule,ivec,encrypt)
-des_cblock *input;
-des_cblock *output;
-long length;
-des_key_schedule schedule;
-des_cblock *ivec;
-int encrypt;
-.PP
-.ft B
-unsigned long des_cbc_cksum(input,output,length,schedule,ivec)
-des_cblock *input;
-des_cblock *output;
-long length;
-des_key_schedule schedule;
-des_cblock *ivec;
-.PP
-.ft B
-unsigned long quad_cksum(input,output,length,out_count,seed)
-des_cblock *input;
-des_cblock *output;
-long length;
-int out_count;
-des_cblock *seed;
-.PP
-.fi
-.SH DESCRIPTION
-This library supports various DES encryption related operations. It differs
-from the
-.I crypt, setkey, and encrypt
-library routines in that it provides
-a true DES encryption, without modifying the algorithm,
-and executes much faster.
-.PP
-For each key that may be simultaneously active, create a
-.B des_key_schedule
-struct,
-defined in "des.h". Next, create key schedules (from the 8-byte keys) as
-needed, via
-.I des_set_key,
-prior to using the encryption or checksum routines. Then
-setup the input and output areas. Make sure to note the restrictions
-on lengths being multiples of eight bytes. Finally, invoke the
-encryption/decryption routines,
-.I des_ecb_encrypt
-or
-.I des_cbc_encrypt
-or
-.I des_pcbc_encrypt,
-or, to generate a cryptographic checksum, use
-.I quad_cksum
-(fast) or
-.I des_cbc_cksum
-(slow).
-.PP
-A
-.I des_cblock
-struct is an 8 byte block used as the fundamental unit for DES data and
-keys, and is defined as:
-.PP
-.B typedef unsigned char des_cblock[8];
-.PP
-and a
-.I des_key_schedule,
-is defined as:
-.PP
-.B typedef struct des_ks_struct {des_cblock _;} des_key_schedule[16];
-.PP
-.I des_read_password
-writes the string specified by
-.I prompt
-to the standard
-output, turns off echo (if possible)
-and reads an input string from standard input until terminated with a newline.
-If
-.I verify
-is non-zero, it prompts and reads input again, for use
-in applications such as changing a password; both
-versions are compared, and the input is requested repeatedly until they
-match. Then
-.I des_read_password
-converts the input string into a valid DES key, internally
-using the
-.I des_string_to_key
-routine. The newly created key is copied to the
-area pointed to by the
-.I key
-argument.
-.I des_read_password
-returns a zero if no errors occurred, or a -1
-indicating that an error
-occurred trying to manipulate the terminal echo.
-.PP
-.PP
-.I des_string_to_key
-converts an arbitrary length null-terminated string
-to an 8 byte DES key, with odd byte parity, per FIPS specification.
-A one-way function is used to convert the string to a key, making it
-very difficult to reconstruct the string from the key.
-The
-.I str
-argument is a pointer to the string, and
-.I key
-should
-point to a
-.I des_cblock
-supplied by the caller to receive the generated key.
-No meaningful value is returned. Void is not used for compatibility with
-other compilers.
-.PP
-.PP
-.I des_random_key
-generates a random DES encryption key (eight bytes), set to odd parity per
-FIPS
-specifications.
-This routine uses the current time, process id, and a counter
-as a seed for the random number generator.
-The caller must supply space for the output key, pointed to
-by argument
-.I key,
-then after calling
-.I des_random_key
-should
-call the
-.I des_set_key
-routine when needed.
-No meaningful value is returned. Void is not used for compatibility
-with other compilers.
-.PP
-.PP
-.I des_set_key
-calculates a key schedule from all eight bytes of the input key, pointed
-to by the
-.I key
-argument, and outputs the schedule into the
-.I des_key_schedule
-indicated by the
-.I schedule
-argument. Make sure to pass a valid eight byte
-key; no padding is done. The key schedule may then be used in subsequent
-encryption/decryption/checksum operations. Many key schedules may be
-cached for later use. The user is responsible to clear keys and schedules
-as soon as no longer needed, to prevent their disclosure.
-The routine also checks the key
-parity, and returns a zero if the key parity is correct (odd), a -1
-indicating a key parity error, or a -2 indicating use of an illegal
-weak key. If an error is returned, the key schedule was not created.
-.PP
-.PP
-.I des_ecb_encrypt
-is the basic DES encryption routine that encrypts or decrypts a single 8-byte
-block in
-.B electronic code book
-mode. It always transforms the input data, pointed to by
-.I input,
-into the output data, pointed to by the
-.I output
-argument.
-.PP
-If the
-.I encrypt
-argument is non-zero, the
-.I input
-(cleartext) is encrypted into the
-.I output
-(ciphertext) using the key_schedule specified by the
-.I schedule
-argument, previously set via
-.I des_set_key
-.PP
-If encrypt is zero, the
-.I input
-(now ciphertext) is decrypted into the
-.I output
-(now cleartext).
-.PP
-Input and output may overlap.
-.PP
-No meaningful value is returned. Void is not used for compatibility
-with other compilers.
-.PP
-.PP
-.I des_cbc_encrypt
-encrypts/decrypts using the
-.B cipher-block-chaining mode of DES.
-If the
-.I encrypt
-argument is non-zero, the routine cipher-block-chain encrypts
-the cleartext data pointed to by the
-.I input
-argument into the ciphertext pointed to by the
-.I output
-argument, using the key schedule provided by the
-.I schedule
-argument, and initialization vector provided by the
-.I ivec
-argument.
-If the
-.I length
-argument is not an integral
-multiple of eight bytes, the last block is copied to a temp and zero
-filled (highest addresses). The output is ALWAYS an integral multiple
-of eight bytes.
-.PP
-If
-.I encrypt
-is zero, the routine cipher-block chain decrypts the (now) ciphertext
-data pointed to by the
-.I input
-argument into (now) cleartext pointed to by the
-.I output
-argument using the key schedule provided by the
-.I schedule
-argument, and initialization vector provided by the
-.I ivec
-argument. Decryption ALWAYS operates on integral
-multiples of 8 bytes, so it will round the
-.I length
-provided up to the
-appropriate multiple. Consequently, it will always produce the rounded-up
-number of bytes of output cleartext. The application must determine if
-the output cleartext was zero-padded due to original cleartext lengths that
-were not integral multiples of 8.
-.PP
-No errors or meaningful values are returned. Void is not used for
-compatibility with other compilers.
-.PP
-A characteristic of cbc mode is that changing a single bit of the
-cleartext, then encrypting using cbc mode,
-affects ALL the subsequent ciphertext. This makes cryptanalysis
-much more difficult. However, modifying a single bit of the ciphertext,
-then decrypting, only affects the resulting cleartext from
-the modified block and the succeeding block. Therefore,
-.I des_pcbc_encrypt
-is STRONGLY recommended for applications where
-indefinite propagation of errors is required in order to detect modifications.
-.PP
-.PP
-.I des_pcbc_encrypt
-encrypts/decrypts using a modified block chaining mode. Its calling
-sequence is identical to
-.I des_cbc_encrypt.
-It differs in its error propagation characteristics.
-.PP
-.I des_pcbc_encrypt
-is highly recommended for most encryption purposes, in that
-modification of a single bit of the ciphertext will affect ALL the
-subsequent (decrypted) cleartext. Similarly, modifying a single bit of
-the cleartext will affect ALL the subsequent (encrypted) ciphertext.
-"PCBC" mode, on encryption, "xors" both the
-cleartext of block N and the ciphertext resulting from block N with the
-cleartext for block N+1 prior to encrypting block N+1.
-.PP
-.I des_cbc_cksum
-produces an 8 byte cryptographic checksum by cipher-block-chain
-encrypting the cleartext data pointed to by the
-.I input
-argument. All of the ciphertext output is discarded, except the
-last 8-byte ciphertext block, which is written into the area pointed to by
-the
-.I output
-argument.
-It uses the key schedule,
-provided by the
-.I schedule
-argument and initialization vector provided by the
-.I ivec
-argument.
-If the
-.I length
-argument is not an integral
-multiple of eight bytes, the last cleartext block is copied to a temp and zero
-filled (highest addresses). The output is ALWAYS eight bytes.
-.PP
-The routine also returns an unsigned long, which is the last (highest address)
-half of the 8 byte checksum computed.
-.PP
-.PP
-.I quad_cksum
-produces a checksum by chaining quadratic operations on the cleartext data
-pointed to by the
-.I input
-argument. The
-.I length
-argument specifies the length of the
-input -- only exactly that many bytes are included for the checksum,
-without any padding.
-.PP
-The algorithm may be iterated over the same input data, if the
-.I out_count
-argument is 2, 3 or 4, and the optional
-.I output
-argument is a non-null pointer .
-The default is one iteration, and it will not run
-more than 4 times. Multiple iterations run slower, but provide
-a longer checksum if desired. The
-.I seed
-argument provides an 8-byte seed for the first iteration. If multiple iterations are
-requested, the results of one iteration are automatically used as
-the seed for the next iteration.
-.PP
-It returns both an unsigned long checksum value, and
-if the
-.I output
-argument is not a null pointer, up to 16 bytes of
-the computed checksum are written into the output.
-.PP
-.PP
-.SH FILES
-/usr/include/des.h
-.br
-/usr/lib/libdes.a
-.SH "SEE ALSO"
-.SH DIAGNOSTICS
-.SH BUGS
-This software has not yet been compiled or tested on machines other than the
-VAX and the IBM PC.
-.SH AUTHORS
-Steve Miller, MIT Project Athena/Digital Equipment Corporation
-.SH RESTRICTIONS
-COPYRIGHT 1985,1986 Massachusetts Institute of Technology
-.PP
-This software may not be exported outside of the US without a special
-license from the US Dept of Commerce. It may be replaced by any secret
-key block cipher with block length and key length of 8 bytes, as long
-as the interface is the same as described here.
diff --git a/lib/gssapi/krb5/8003.c b/lib/gssapi/krb5/8003.c
deleted file mode 100644
index bb9f7adf80..0000000000
--- a/lib/gssapi/krb5/8003.c
+++ /dev/null
@@ -1,152 +0,0 @@
-/*
- * Copyright (c) 1997, 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id$");
-
-static krb5_error_code
-encode_om_uint32(OM_uint32 n, u_char *p)
-{
- p[0] = (n >> 0) & 0xFF;
- p[1] = (n >> 8) & 0xFF;
- p[2] = (n >> 16) & 0xFF;
- p[3] = (n >> 24) & 0xFF;
- return 0;
-}
-
-static krb5_error_code
-decode_om_uint32(u_char *p, OM_uint32 *n)
-{
- *n = (p[0] << 0) | (p[1] << 8) | (p[2] << 16) | (p[3] << 24);
- return 0;
-}
-
-static krb5_error_code
-hash_input_chan_bindings (const gss_channel_bindings_t b,
- u_char *p)
-{
- u_char num[4];
- struct md5 md5;
-
- md5_init(&md5);
- encode_om_uint32 (b->initiator_addrtype, num);
- md5_update (&md5, num, sizeof(num));
- encode_om_uint32 (b->initiator_address.length, num);
- md5_update (&md5, num, sizeof(num));
- if (b->initiator_address.length)
- md5_update (&md5,
- b->initiator_address.value,
- b->initiator_address.length);
- encode_om_uint32 (b->acceptor_addrtype, num);
- md5_update (&md5, num, sizeof(num));
- encode_om_uint32 (b->acceptor_address.length, num);
- md5_update (&md5, num, sizeof(num));
- if (b->acceptor_address.length)
- md5_update (&md5,
- b->acceptor_address.value,
- b->acceptor_address.length);
- encode_om_uint32 (b->application_data.length, num);
- md5_update (&md5, num, sizeof(num));
- if (b->application_data.length)
- md5_update (&md5,
- b->application_data.value,
- b->application_data.length);
- md5_finito (&md5, p);
- return 0;
-}
-
-krb5_error_code
-gssapi_krb5_create_8003_checksum (
- const gss_channel_bindings_t input_chan_bindings,
- OM_uint32 flags,
- Checksum *result)
-{
- u_char *p;
-
- result->cksumtype = 0x8003;
- result->checksum.length = 24;
- result->checksum.data = malloc (result->checksum.length);
- if (result->checksum.data == NULL)
- return ENOMEM;
-
- p = result->checksum.data;
- encode_om_uint32 (16, p);
- p += 4;
- if (input_chan_bindings == GSS_C_NO_CHANNEL_BINDINGS) {
- memset (p, 0, 16);
- } else {
- hash_input_chan_bindings (input_chan_bindings, p);
- }
- p += 16;
- encode_om_uint32 (flags, p);
- p += 4;
- if (p - (u_char *)result->checksum.data != result->checksum.length)
- abort ();
- return 0;
-}
-
-krb5_error_code
-gssapi_krb5_verify_8003_checksum(
- const gss_channel_bindings_t input_chan_bindings,
- Checksum *cksum,
- OM_uint32 *flags)
-{
- unsigned char hash[16];
- unsigned char *p;
- OM_uint32 length;
-
- /* XXX should handle checksums > 24 bytes */
- if(cksum->cksumtype != 0x8003 || cksum->checksum.length != 24)
- return GSS_S_BAD_BINDINGS;
-
- p = cksum->checksum.data;
- decode_om_uint32(p, &length);
- if(length != sizeof(hash))
- return GSS_S_FAILURE;
-
- p += 4;
-
- if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS) {
- if(hash_input_chan_bindings(input_chan_bindings, hash) != 0)
- return GSS_S_FAILURE;
- if(memcmp(hash, p, sizeof(hash)) != 0)
- return GSS_S_FAILURE;
- }
-
- p += sizeof(hash);
-
- decode_om_uint32(p, flags);
-
- return 0;
-}
diff --git a/lib/gssapi/krb5/ChangeLog b/lib/gssapi/krb5/ChangeLog
deleted file mode 100644
index b7b30b5372..0000000000
--- a/lib/gssapi/krb5/ChangeLog
+++ /dev/null
@@ -1,48 +0,0 @@
-1999-12-06 Assar Westerlund <assar@sics.se>
-
- * Makefile.am: bump version to 0:3:0
-
-1999-10-20 Assar Westerlund <assar@sics.se>
-
- * Makefile.am: set version to 0:2:0
-
-1999-09-21 Assar Westerlund <assar@sics.se>
-
- * init_sec_context.c (gss_init_sec_context): initialize `ticket'
-
- * gssapi.h (gss_ctx_id_t_desc): add ticket in here. ick.
-
- * delete_sec_context.c (gss_delete_sec_context): free ticket
-
- * accept_sec_context.c (gss_accept_sec_context): stove away
- `krb5_ticket' in context so that ugly programs such as
- gss_nt_server can get at it. uck.
-
-1999-09-20 Johan Danielsson <joda@pdc.kth.se>
-
- * accept_sec_context.c: set minor_status
-
-1999-08-04 Assar Westerlund <assar@sics.se>
-
- * display_status.c (calling_error, routine_error): right shift the
- code to make it possible to index into the arrays
-
-1999-07-28 Assar Westerlund <assar@sics.se>
-
- * gssapi.h (GSS_C_AF_INET6): add
-
- * import_name.c (import_hostbased_name): set minor_status
-
-1999-07-26 Assar Westerlund <assar@sics.se>
-
- * Makefile.am: set version to 0:1:0
-
-Wed Apr 7 14:05:15 1999 Johan Danielsson <joda@hella.pdc.kth.se>
-
- * display_status.c: set minor_status
-
- * init_sec_context.c: set minor_status
-
- * lib/gssapi/init.c: remove donep (check gssapi_krb5_context
- directly)
-
diff --git a/lib/gssapi/krb5/Makefile.am b/lib/gssapi/krb5/Makefile.am
deleted file mode 100644
index c8469fb1ab..0000000000
--- a/lib/gssapi/krb5/Makefile.am
+++ /dev/null
@@ -1,46 +0,0 @@
-# $Id$
-
-include $(top_srcdir)/Makefile.am.common
-
-INCLUDES += -I$(srcdir)/../krb5
-
-lib_LTLIBRARIES = libgssapi.la
-libgssapi_la_LDFLAGS = -version-info 0:3:0
-
-include_HEADERS = gssapi.h
-
-libgssapi_la_SOURCES = \
- 8003.c \
- accept_sec_context.c \
- acquire_cred.c \
- add_oid_set_member.c \
- canonicalize_name.c \
- compare_name.c \
- context_time.c \
- create_emtpy_oid_set.c \
- decapsulate.c \
- delete_sec_context.c \
- display_name.c \
- display_status.c \
- duplicate_name.c \
- encapsulate.c \
- export_name.c \
- external.c \
- get_mic.c \
- gssapi.h \
- gssapi_locl.h \
- import_name.c \
- indicate_mechs.c \
- init.c \
- init_sec_context.c \
- inquire_context.c \
- inquire_cred.c \
- release_buffer.c \
- release_cred.c \
- release_name.c \
- release_oid_set.c \
- test_oid_set_member.c \
- unwrap.c \
- v1.c \
- verify_mic.c \
- wrap.c
diff --git a/lib/gssapi/krb5/accept_sec_context.c b/lib/gssapi/krb5/accept_sec_context.c
deleted file mode 100644
index a9bf8389b6..0000000000
--- a/lib/gssapi/krb5/accept_sec_context.c
+++ /dev/null
@@ -1,239 +0,0 @@
-/*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id$");
-
-static krb5_keytab gss_keytab;
-
-OM_uint32
-gsskrb5_register_acceptor_identity (char *identity)
-{
- char *p;
- if(gss_keytab != NULL) {
- krb5_kt_close(gssapi_krb5_context, gss_keytab);
- gss_keytab = NULL;
- }
- asprintf(&p, "FILE:%s", identity);
- if(p == NULL)
- return GSS_S_FAILURE;
- krb5_kt_resolve(gssapi_krb5_context, p, &gss_keytab);
- free(p);
- return GSS_S_COMPLETE;
-}
-
-OM_uint32 gss_accept_sec_context
- (OM_uint32 * minor_status,
- gss_ctx_id_t * context_handle,
- const gss_cred_id_t acceptor_cred_handle,
- const gss_buffer_t input_token_buffer,
- const gss_channel_bindings_t input_chan_bindings,
- gss_name_t * src_name,
- gss_OID * mech_type,
- gss_buffer_t output_token,
- OM_uint32 * ret_flags,
- OM_uint32 * time_rec,
- gss_cred_id_t * delegated_cred_handle
- )
-{
- krb5_error_code kret;
- OM_uint32 ret;
- krb5_data indata;
- krb5_flags ap_options;
- OM_uint32 flags;
- krb5_ticket *ticket = NULL;
- krb5_keytab keytab = NULL;
-
- gssapi_krb5_init ();
-
- if (*context_handle == GSS_C_NO_CONTEXT) {
- *context_handle = malloc(sizeof(**context_handle));
- if (*context_handle == GSS_C_NO_CONTEXT) {
- *minor_status = ENOMEM;
- return GSS_S_FAILURE;
- }
- }
-
- (*context_handle)->auth_context = NULL;
- (*context_handle)->source = NULL;
- (*context_handle)->target = NULL;
- (*context_handle)->flags = 0;
- (*context_handle)->more_flags = 0;
- (*context_handle)->ticket = NULL;
-
- kret = krb5_auth_con_init (gssapi_krb5_context,
- &(*context_handle)->auth_context);
- if (kret) {
- ret = GSS_S_FAILURE;
- goto failure;
- }
-
- {
- int32_t tmp;
-
- krb5_auth_con_getflags(gssapi_krb5_context,
- (*context_handle)->auth_context,
- &tmp);
- tmp |= KRB5_AUTH_CONTEXT_DO_SEQUENCE;
- krb5_auth_con_setflags(gssapi_krb5_context,
- (*context_handle)->auth_context,
- tmp);
- }
-
- ret = gssapi_krb5_decapsulate (input_token_buffer,
- &indata,
- "\x01\x00");
- if (ret) {
- kret = 0;
- goto failure;
- }
-
- if (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) {
- if (gss_keytab != NULL) {
- keytab = gss_keytab;
- }
- } else if (acceptor_cred_handle->keytab != NULL) {
- keytab = acceptor_cred_handle->keytab;
- }
-
- kret = krb5_rd_req (gssapi_krb5_context,
- &(*context_handle)->auth_context,
- &indata,
- (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) ? NULL
- : acceptor_cred_handle->principal,
- keytab,
- &ap_options,
- &ticket);
- if (kret) {
- ret = GSS_S_FAILURE;
- goto failure;
- }
-
- kret = krb5_copy_principal (gssapi_krb5_context,
- ticket->client,
- &(*context_handle)->source);
- if (kret) {
- ret = GSS_S_FAILURE;
- goto failure;
- }
-
- if (src_name) {
- kret = krb5_copy_principal (gssapi_krb5_context,
- ticket->client,
- src_name);
- if (kret) {
- ret = GSS_S_FAILURE;
- goto failure;
- }
- }
-
- {
- krb5_authenticator authenticator;
-
- kret = krb5_auth_getauthenticator(gssapi_krb5_context,
- (*context_handle)->auth_context,
- &authenticator);
- if(kret) {
- ret = GSS_S_FAILURE;
- goto failure;
- }
-
- kret = gssapi_krb5_verify_8003_checksum(input_chan_bindings,
- authenticator->cksum,
- &flags);
- krb5_free_authenticator(gssapi_krb5_context, &authenticator);
- if (kret) {
- ret = GSS_S_FAILURE;
- goto failure;
- }
- }
-
- if (ret_flags)
- *ret_flags = flags;
- (*context_handle)->flags = flags;
- (*context_handle)->more_flags |= OPEN;
-
- if (mech_type)
- *mech_type = GSS_KRB5_MECHANISM;
-
- if (time_rec)
- *time_rec = GSS_C_INDEFINITE;
-
- if(flags & GSS_C_MUTUAL_FLAG) {
- krb5_data outbuf;
-
- kret = krb5_mk_rep (gssapi_krb5_context,
- &(*context_handle)->auth_context,
- &outbuf);
- if (kret) {
- krb5_data_free (&outbuf);
- ret = GSS_S_FAILURE;
- goto failure;
- }
- ret = gssapi_krb5_encapsulate (&outbuf,
- output_token,
- "\x02\x00");
- if (ret) {
- kret = 0;
- goto failure;
- }
- } else {
- output_token->length = 0;
- }
-
- (*context_handle)->ticket = ticket;
- ticket = NULL;
-
-#if 0
- krb5_free_ticket (context, ticket);
-#endif
-
- return GSS_S_COMPLETE;
-
-failure:
- if (ticket != NULL)
- krb5_free_ticket (gssapi_krb5_context, ticket);
- krb5_auth_con_free (gssapi_krb5_context,
- (*context_handle)->auth_context);
- if((*context_handle)->source)
- krb5_free_principal (gssapi_krb5_context,
- (*context_handle)->source);
- if((*context_handle)->target)
- krb5_free_principal (gssapi_krb5_context,
- (*context_handle)->target);
- free (*context_handle);
- *context_handle = GSS_C_NO_CONTEXT;
- *minor_status = kret;
- return GSS_S_FAILURE;
-}
diff --git a/lib/gssapi/krb5/acquire_cred.c b/lib/gssapi/krb5/acquire_cred.c
deleted file mode 100644
index 1973365949..0000000000
--- a/lib/gssapi/krb5/acquire_cred.c
+++ /dev/null
@@ -1,87 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id$");
-
-OM_uint32 gss_acquire_cred
- (OM_uint32 * minor_status,
- const gss_name_t desired_name,
- OM_uint32 time_req,
- const gss_OID_set desired_mechs,
- gss_cred_usage_t cred_usage,
- gss_cred_id_t * output_cred_handle,
- gss_OID_set * actual_mechs,
- OM_uint32 * time_rec
- )
-{
- gss_cred_id_t handle;
- OM_uint32 ret;
-
- handle = (gss_cred_id_t)malloc(sizeof(*handle));
- if (handle == GSS_C_NO_CREDENTIAL) {
- return GSS_S_FAILURE;
- }
-
- ret = gss_duplicate_name(minor_status, desired_name, &handle->principal);
- if (ret) {
- return ret;
- }
-
- /* XXX */
- handle->lifetime = time_req;
-
- handle->keytab = NULL;
- handle->usage = cred_usage;
-
- ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms);
- if (ret) {
- return ret;
- }
- ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
- &handle->mechanisms);
- if (ret) {
- return ret;
- }
-
- ret = gss_inquire_cred(minor_status, handle, NULL, time_rec, NULL,
- actual_mechs);
- if (ret) {
- return ret;
- }
-
- *output_cred_handle = handle;
-
- return GSS_S_COMPLETE;
-}
diff --git a/lib/gssapi/krb5/add_oid_set_member.c b/lib/gssapi/krb5/add_oid_set_member.c
deleted file mode 100644
index f53bca382f..0000000000
--- a/lib/gssapi/krb5/add_oid_set_member.c
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id$");
-
-OM_uint32 gss_add_oid_set_member (
- OM_uint32 * minor_status,
- const gss_OID member_oid,
- gss_OID_set * oid_set
- )
-{
- size_t n = (*oid_set)->count;
-
- (*oid_set)->elements = realloc ((*oid_set)->elements,
- n * sizeof(gss_OID_desc));
- if ((*oid_set)->elements == NULL) {
- return GSS_S_FAILURE;
- }
- (*oid_set)->count = n;
- (*oid_set)->elements[n-1] = *member_oid;
- return GSS_S_COMPLETE;
-}
diff --git a/lib/gssapi/krb5/canonicalize_name.c b/lib/gssapi/krb5/canonicalize_name.c
deleted file mode 100644
index 9bd51e0d90..0000000000
--- a/lib/gssapi/krb5/canonicalize_name.c
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id$");
-
-OM_uint32 gss_canonicalize_name (
- OM_uint32 * minor_status,
- const gss_name_t input_name,
- const gss_OID mech_type,
- gss_name_t * output_name
- )
-{
- return gss_duplicate_name (minor_status, input_name, output_name);
-}
diff --git a/lib/gssapi/krb5/compare_name.c b/lib/gssapi/krb5/compare_name.c
deleted file mode 100644
index f4f3de47d4..0000000000
--- a/lib/gssapi/krb5/compare_name.c
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id$");
-
-OM_uint32 gss_compare_name
- (OM_uint32 * minor_status,
- const gss_name_t name1,
- const gss_name_t name2,
- int * name_equal
- )
-{
- gssapi_krb5_init ();
- *name_equal = krb5_principal_compare (gssapi_krb5_context,
- name1, name2);
- return GSS_S_COMPLETE;
-}
diff --git a/lib/gssapi/krb5/context_time.c b/lib/gssapi/krb5/context_time.c
deleted file mode 100644
index e6a71dffff..0000000000
--- a/lib/gssapi/krb5/context_time.c
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id$");
-
-OM_uint32 gss_context_time
- (OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
- OM_uint32 * time_rec
- )
-{
- OM_uint32 lifetime;
- OM_uint32 ret;
- krb5_error_code kret;
- int32_t timeret;
-
- gssapi_krb5_init();
-
- ret = gss_inquire_context(minor_status, context_handle,
- NULL, NULL, &lifetime, NULL, NULL, NULL, NULL);
- if (ret) {
- return ret;
- }
-
- kret = krb5_timeofday(gssapi_krb5_context, &timeret);
- if (kret) {
- return GSS_S_FAILURE;
- }
-
- *time_rec = lifetime - timeret;
- return GSS_S_COMPLETE;
-}
diff --git a/lib/gssapi/krb5/create_emtpy_oid_set.c b/lib/gssapi/krb5/create_emtpy_oid_set.c
deleted file mode 100644
index 428a19b85a..0000000000
--- a/lib/gssapi/krb5/create_emtpy_oid_set.c
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id$");
-
-OM_uint32 gss_create_empty_oid_set (
- OM_uint32 * minor_status,
- gss_OID_set * oid_set
- )
-{
- *oid_set = malloc(sizeof(**oid_set));
- if (*oid_set == NULL) {
- return GSS_S_FAILURE;
- }
- (*oid_set)->count = 0;
- (*oid_set)->elements = NULL;
- return GSS_S_COMPLETE;
-}
diff --git a/lib/gssapi/krb5/decapsulate.c b/lib/gssapi/krb5/decapsulate.c
deleted file mode 100644
index a72b8cdb9d..0000000000
--- a/lib/gssapi/krb5/decapsulate.c
+++ /dev/null
@@ -1,100 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id$");
-
-OM_uint32
-gssapi_krb5_verify_header(u_char **str,
- size_t total_len,
- char *type)
-{
- size_t len, len_len, mech_len, foo;
- int e;
- u_char *p = *str;
-
- if (*p++ != 0x60)
- return GSS_S_DEFECTIVE_TOKEN;
- e = der_get_length (p, total_len - 1, &len, &len_len);
- if (e || 1 + len_len + len != total_len)
- abort ();
- p += len_len;
- if (*p++ != 0x06)
- return GSS_S_DEFECTIVE_TOKEN;
- e = der_get_length (p, total_len - 1 - len_len - 1,
- &mech_len, &foo);
- if (e)
- abort ();
- p += foo;
- if (mech_len != GSS_KRB5_MECHANISM->length)
- return GSS_S_BAD_MECH;
- if (memcmp(p,
- GSS_KRB5_MECHANISM->elements,
- GSS_KRB5_MECHANISM->length) != 0)
- return GSS_S_BAD_MECH;
- p += mech_len;
- if (memcmp (p, type, 2) != 0)
- return GSS_S_DEFECTIVE_TOKEN;
- p += 2;
- *str = p;
- return GSS_S_COMPLETE;
-}
-
-/*
- * Remove the GSS-API wrapping from `in_token' giving `out_data.
- * Does not copy data, so just free `in_token'.
- */
-
-OM_uint32
-gssapi_krb5_decapsulate(
- gss_buffer_t input_token_buffer,
- krb5_data *out_data,
- char *type
-)
-{
- u_char *p;
- OM_uint32 ret;
-
- p = input_token_buffer->value;
- ret = gssapi_krb5_verify_header(&p,
- input_token_buffer->length,
- type);
- if (ret)
- return ret;
-
- out_data->length = input_token_buffer->length -
- (p - (u_char *)input_token_buffer->value);
- out_data->data = p;
- return GSS_S_COMPLETE;
-}
diff --git a/lib/gssapi/krb5/delete_sec_context.c b/lib/gssapi/krb5/delete_sec_context.c
deleted file mode 100644
index 7554086473..0000000000
--- a/lib/gssapi/krb5/delete_sec_context.c
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id$");
-
-OM_uint32 gss_delete_sec_context
- (OM_uint32 * minor_status,
- gss_ctx_id_t * context_handle,
- gss_buffer_t output_token
- )
-{
- gssapi_krb5_init ();
- krb5_auth_con_free (gssapi_krb5_context,
- (*context_handle)->auth_context);
- if((*context_handle)->source)
- krb5_free_principal (gssapi_krb5_context,
- (*context_handle)->source);
- if((*context_handle)->target)
- krb5_free_principal (gssapi_krb5_context,
- (*context_handle)->target);
- if ((*context_handle)->ticket)
- krb5_free_ticket (gssapi_krb5_context,
- (*context_handle)->ticket);
- free (*context_handle);
- if (output_token)
- output_token->length = 0;
- return GSS_S_COMPLETE;
-}
diff --git a/lib/gssapi/krb5/display_name.c b/lib/gssapi/krb5/display_name.c
deleted file mode 100644
index 5f83d6d532..0000000000
--- a/lib/gssapi/krb5/display_name.c
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id$");
-
-OM_uint32 gss_display_name
- (OM_uint32 * minor_status,
- const gss_name_t input_name,
- gss_buffer_t output_name_buffer,
- gss_OID * output_name_type
- )
-{
- krb5_error_code kret;
- char *buf;
- size_t len;
-
- gssapi_krb5_init ();
- kret = krb5_unparse_name (gssapi_krb5_context,
- input_name,
- &buf);
- if (kret)
- return GSS_S_FAILURE;
- len = strlen (buf);
- output_name_buffer->length = len;
- output_name_buffer->value = malloc(len + 1);
- if (output_name_buffer->value == NULL) {
- free (buf);
- return GSS_S_FAILURE;
- }
- memcpy (output_name_buffer->value, buf, len);
- ((char *)output_name_buffer->value)[len] = '\0';
- free (buf);
- if (output_name_type)
- *output_name_type = GSS_KRB5_NT_PRINCIPAL_NAME;
- return GSS_S_COMPLETE;
-}
diff --git a/lib/gssapi/krb5/display_status.c b/lib/gssapi/krb5/display_status.c
deleted file mode 100644
index 974c8595f5..0000000000
--- a/lib/gssapi/krb5/display_status.c
+++ /dev/null
@@ -1,135 +0,0 @@
-/*
- * Copyright (c) 1998, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id$");
-
-static char *
-calling_error(OM_uint32 v)
-{
- static char *msgs[] = {
- NULL, /* 0 */
- "A required input parameter could not be read.", /* */
- "A required output parameter could not be written.", /* */
- "A parameter was malformed"
- };
-
- v >>= GSS_C_CALLING_ERROR_OFFSET;
-
- if (v == 0)
- return "";
- else if (v >= sizeof(msgs)/sizeof(*msgs))
- return "unknown calling error";
- else
- return msgs[v];
-}
-
-static char *
-routine_error(OM_uint32 v)
-{
- static char *msgs[] = {
- NULL, /* 0 */
- "An unsupported mechanism was requested",
- "An invalid name was supplied",
- "A supplied name was of an unsupported type",
- "Incorrect channel bindings were supplied",
- "An invalid status code was supplied",
- "A token had an invalid MIC",
- "No credentials were supplied, "
- "or the credentials were unavailable or inaccessible.",
- "No context has been established",
- "A token was invalid",
- "A credential was invalid",
- "The referenced credentials have expired",
- "The context has expired",
- "Miscellaneous failure (see text)",
- "The quality-of-protection requested could not be provide",
- "The operation is forbidden by local security policy",
- "The operation or option is not available",
- "The requested credential element already exists",
- "The provided name was not a mechanism name.",
- };
-
- v >>= GSS_C_ROUTINE_ERROR_OFFSET;
-
- if (v == 0)
- return "";
- else if (v >= sizeof(msgs)/sizeof(*msgs))
- return "unknown routine error";
- else
- return msgs[v];
-}
-
-OM_uint32 gss_display_status
- (OM_uint32 *minor_status,
- OM_uint32 status_value,
- int status_type,
- const gss_OID mech_type,
- OM_uint32 *message_context,
- gss_buffer_t status_string)
-{
- char *buf;
-
- gssapi_krb5_init ();
-
- *minor_status = 0;
-
- if (mech_type != GSS_C_NO_OID &&
- mech_type != GSS_KRB5_MECHANISM)
- return GSS_S_BAD_MECH;
-
- if (status_type == GSS_C_GSS_CODE) {
- asprintf (&buf, "%s %s",
- calling_error(GSS_CALLING_ERROR(status_value)),
- routine_error(GSS_ROUTINE_ERROR(status_value)));
- if (buf == NULL) {
- *minor_status = ENOMEM;
- return GSS_S_FAILURE;
- }
- } else if (status_type == GSS_C_MECH_CODE) {
- buf = strdup(krb5_get_err_text (gssapi_krb5_context, status_value));
- if (buf == NULL) {
- *minor_status = ENOMEM;
- return GSS_S_FAILURE;
- }
- } else
- return GSS_S_BAD_STATUS;
-
- *message_context = 0;
-
- status_string->length = strlen(buf);
- status_string->value = buf;
-
- return GSS_S_COMPLETE;
-}
diff --git a/lib/gssapi/krb5/duplicate_name.c b/lib/gssapi/krb5/duplicate_name.c
deleted file mode 100644
index 9dc64ba6bd..0000000000
--- a/lib/gssapi/krb5/duplicate_name.c
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id$");
-
-OM_uint32 gss_duplicate_name (
- OM_uint32 * minor_status,
- const gss_name_t src_name,
- gss_name_t * dest_name
- )
-{
- krb5_error_code kret;
-
- gssapi_krb5_init ();
-
- kret = krb5_copy_principal (gssapi_krb5_context,
- src_name,
- dest_name);
- if (kret)
- return GSS_S_FAILURE;
- else
- return GSS_S_COMPLETE;
-}
diff --git a/lib/gssapi/krb5/encapsulate.c b/lib/gssapi/krb5/encapsulate.c
deleted file mode 100644
index 0307a8a449..0000000000
--- a/lib/gssapi/krb5/encapsulate.c
+++ /dev/null
@@ -1,100 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id$");
-
-void
-gssapi_krb5_encap_length (size_t data_len,
- size_t *len,
- size_t *total_len)
-{
- size_t len_len;
-
- *len = 1 + 1 + GSS_KRB5_MECHANISM->length + 2 + data_len;
-
- len_len = length_len(*len);
-
- *total_len = 1 + len_len + *len;
-}
-
-u_char *
-gssapi_krb5_make_header (u_char *p,
- size_t len,
- u_char *type)
-{
- int e;
- size_t len_len, foo;
-
- *p++ = 0x60;
- len_len = length_len(len);
- e = der_put_length (p + len_len - 1, len_len, len, &foo);
- if(e || foo != len_len)
- abort ();
- p += len_len;
- *p++ = 0x06;
- *p++ = GSS_KRB5_MECHANISM->length;
- memcpy (p, GSS_KRB5_MECHANISM->elements, GSS_KRB5_MECHANISM->length);
- p += GSS_KRB5_MECHANISM->length;
- memcpy (p, type, 2);
- p += 2;
- return p;
-}
-
-/*
- * Give it a krb5_data and it will encapsulate with extra GSS-API wrappings.
- */
-
-OM_uint32
-gssapi_krb5_encapsulate(
- krb5_data *in_data,
- gss_buffer_t output_token,
- u_char *type
-)
-{
- size_t len, outer_len;
- u_char *p;
-
- gssapi_krb5_encap_length (in_data->length, &len, &outer_len);
-
- output_token->length = outer_len;
- output_token->value = malloc (outer_len);
- if (output_token->value == NULL)
- return GSS_S_FAILURE;
-
- p = gssapi_krb5_make_header (output_token->value, len, type);
- memcpy (p, in_data->data, in_data->length);
- krb5_data_free (in_data);
- return GSS_S_COMPLETE;
-}
diff --git a/lib/gssapi/krb5/export_name.c b/lib/gssapi/krb5/export_name.c
deleted file mode 100644
index 2d269454b3..0000000000
--- a/lib/gssapi/krb5/export_name.c
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id$");
-
-OM_uint32 gss_export_name
- (OM_uint32 * minor_status,
- const gss_name_t input_name,
- gss_buffer_t exported_name
- )
-{
- return gss_display_name(minor_status,
- input_name,
- exported_name,
- NULL);
-}
diff --git a/lib/gssapi/krb5/external.c b/lib/gssapi/krb5/external.c
deleted file mode 100644
index 0bd77fe62f..0000000000
--- a/lib/gssapi/krb5/external.c
+++ /dev/null
@@ -1,212 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id$");
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- * "\x01\x02\x01\x01"},
- * corresponding to an object-identifier value of
- * {iso(1) member-body(2) United States(840) mit(113554)
- * infosys(1) gssapi(2) generic(1) user_name(1)}. The constant
- * GSS_C_NT_USER_NAME should be initialized to point
- * to that gss_OID_desc.
- */
-
-static gss_OID_desc gss_c_nt_user_name_oid_desc =
-{10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- "\x01\x02\x01\x01"};
-
-gss_OID GSS_C_NT_USER_NAME = &gss_c_nt_user_name_oid_desc;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- * "\x01\x02\x01\x02"},
- * corresponding to an object-identifier value of
- * {iso(1) member-body(2) United States(840) mit(113554)
- * infosys(1) gssapi(2) generic(1) machine_uid_name(2)}.
- * The constant GSS_C_NT_MACHINE_UID_NAME should be
- * initialized to point to that gss_OID_desc.
- */
-
-static gss_OID_desc gss_c_nt_machine_uid_name_oid_desc =
-{10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- "\x01\x02\x01\x02"};
-
-gss_OID GSS_C_NT_MACHINE_UID_NAME = &gss_c_nt_machine_uid_name_oid_desc;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- * "\x01\x02\x01\x03"},
- * corresponding to an object-identifier value of
- * {iso(1) member-body(2) United States(840) mit(113554)
- * infosys(1) gssapi(2) generic(1) string_uid_name(3)}.
- * The constant GSS_C_NT_STRING_UID_NAME should be
- * initialized to point to that gss_OID_desc.
- */
-
-static gss_OID_desc gss_c_nt_string_uid_name_oid_desc =
-{10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- "\x01\x02\x01\x03"};
-
-gss_OID GSS_C_NT_STRING_UID_NAME = &gss_c_nt_string_uid_name_oid_desc;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {6, (void *)"\x2b\x06\x01\x05\x06\x02"},
- * corresponding to an object-identifier value of
- * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
- * 6(nametypes), 2(gss-host-based-services)}. The constant
- * GSS_C_NT_HOSTBASED_SERVICE should be initialized to point
- * to that gss_OID_desc.
- */
-
-static gss_OID_desc gss_c_nt_hostbased_service_oid_desc =
-{6, (void *)"\x2b\x06\x01\x05\x06\x02"};
-
-gss_OID GSS_C_NT_HOSTBASED_SERVICE = &gss_c_nt_hostbased_service_oid_desc;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {6, (void *)"\x2b\x06\01\x05\x06\x03"},
- * corresponding to an object identifier value of
- * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
- * 6(nametypes), 3(gss-anonymous-name)}. The constant
- * and GSS_C_NT_ANONYMOUS should be initialized to point
- * to that gss_OID_desc.
- */
-
-static gss_OID_desc gss_c_nt_anonymous_oid_desc =
-{6, (void *)"\x2b\x06\01\x05\x06\x03"};
-
-gss_OID GSS_C_NT_ANONYMOUS = &gss_c_nt_anonymous_oid_desc;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {6, (void *)"\x2b\x06\x01\x05\x06\x04"},
- * corresponding to an object-identifier value of
- * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
- * 6(nametypes), 4(gss-api-exported-name)}. The constant
- * GSS_C_NT_EXPORT_NAME should be initialized to point
- * to that gss_OID_desc.
- */
-
-static gss_OID_desc gss_c_nt_export_name_oid_desc =
-{6, (void *)"\x2b\x06\x01\x05\x06\x04"};
-
-gss_OID GSS_C_NT_EXPORT_NAME = &gss_c_nt_export_name_oid_desc;
-
-/*
- * This name form shall be represented by the Object Identifier {iso(1)
- * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- * krb5(2) krb5_name(1)}. The recommended symbolic name for this type
- * is "GSS_KRB5_NT_PRINCIPAL_NAME".
- */
-
-static gss_OID_desc gss_krb5_nt_principal_name_oid_desc =
-{10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01"};
-
-gss_OID GSS_KRB5_NT_PRINCIPAL_NAME = &gss_krb5_nt_principal_name_oid_desc;
-
-/*
- * This name form shall be represented by the Object Identifier {iso(1)
- * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- * generic(1) user_name(1)}. The recommended symbolic name for this
- * type is "GSS_KRB5_NT_USER_NAME".
- */
-
-gss_OID GSS_KRB5_NT_USER_NAME = &gss_c_nt_user_name_oid_desc;
-
-/*
- * This name form shall be represented by the Object Identifier {iso(1)
- * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- * generic(1) machine_uid_name(2)}. The recommended symbolic name for
- * this type is "GSS_KRB5_NT_MACHINE_UID_NAME".
- */
-
-gss_OID GSS_KRB5_NT_MACHINE_UID_NAME = &gss_c_nt_machine_uid_name_oid_desc;
-
-/*
- * This name form shall be represented by the Object Identifier {iso(1)
- * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- * generic(1) string_uid_name(3)}. The recommended symbolic name for
- * this type is "GSS_KRB5_NT_STRING_UID_NAME".
- */
-
-gss_OID GSS_KRB5_NT_STRING_UID_NAME = &gss_c_nt_string_uid_name_oid_desc;
-
-/*
- * To support ongoing experimentation, testing, and evolution of the
- * specification, the Kerberos V5 GSS-API mechanism as defined in this
- * and any successor memos will be identified with the following Object
- * Identifier, as defined in RFC-1510, until the specification is
- * advanced to the level of Proposed Standard RFC:
- *
- * {iso(1), org(3), dod(5), internet(1), security(5), kerberosv5(2)}
- *
- * Upon advancement to the level of Proposed Standard RFC, the Kerberos
- * V5 GSS-API mechanism will be identified by an Object Identifier
- * having the value:
- *
- * {iso(1) member-body(2) United States(840) mit(113554) infosys(1)
- * gssapi(2) krb5(2)}
- */
-
-#if 0 /* This is the old OID */
-
-static gss_OID_desc gss_krb5_mechanism_oid_desc =
-{5, (void *)"\x2b\x05\x01\x05\x02"};
-
-#endif
-
-static gss_OID_desc gss_krb5_mechanism_oid_desc =
-{9, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"};
-
-gss_OID GSS_KRB5_MECHANISM = &gss_krb5_mechanism_oid_desc;
-
-/*
- * Context for krb5 calls.
- */
-
-krb5_context gssapi_krb5_context;
diff --git a/lib/gssapi/krb5/get_mic.c b/lib/gssapi/krb5/get_mic.c
deleted file mode 100644
index c435c4f1b5..0000000000
--- a/lib/gssapi/krb5/get_mic.c
+++ /dev/null
@@ -1,115 +0,0 @@
-/*
- * Copyright (c) 1997, 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id$");
-
-OM_uint32 gss_get_mic
- (OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
- gss_qop_t qop_req,
- const gss_buffer_t message_buffer,
- gss_buffer_t message_token
- )
-{
- u_char *p;
- struct md5 md5;
- u_char hash[16];
- des_key_schedule schedule;
- des_cblock key;
- des_cblock zero;
- int32_t seq_number;
- size_t len, total_len;
-
- gssapi_krb5_encap_length (22, &len, &total_len);
-
- message_token->length = total_len;
- message_token->value = malloc (total_len);
- if (message_token->value == NULL)
- return GSS_S_FAILURE;
-
- p = gssapi_krb5_make_header(message_token->value,
- len,
- "\x01\x01");
-
- memcpy (p, "\x00\x00", 2);
- p += 2;
- memcpy (p, "\xff\xff\xff\xff", 4);
- p += 4;
-
- /* Fill in later */
- memset (p, 0, 16);
- p += 16;
-
- /* checksum */
- md5_init (&md5);
- md5_update (&md5, p - 24, 8);
- md5_update (&md5, message_buffer->value,
- message_buffer->length);
- md5_finito (&md5, hash);
-
- memset (&zero, 0, sizeof(zero));
- gss_krb5_getsomekey(context_handle, &key);
- des_set_key (&key, schedule);
- des_cbc_cksum ((des_cblock *)hash,
- (des_cblock *)hash, sizeof(hash), schedule, &zero);
- memcpy (p - 8, hash, 8);
-
- /* sequence number */
- krb5_auth_getlocalseqnumber (gssapi_krb5_context,
- context_handle->auth_context,
- &seq_number);
-
- p -= 16;
- p[0] = (seq_number >> 0) & 0xFF;
- p[1] = (seq_number >> 8) & 0xFF;
- p[2] = (seq_number >> 16) & 0xFF;
- p[3] = (seq_number >> 24) & 0xFF;
- memset (p + 4,
- (context_handle->more_flags & LOCAL) ? 0 : 0xFF,
- 4);
-
- des_set_key (&key, schedule);
- des_cbc_encrypt ((des_cblock *)p, (des_cblock *)p, 8,
- schedule, (des_cblock *)(p + 8), DES_ENCRYPT);
-
- krb5_auth_setlocalseqnumber (gssapi_krb5_context,
- context_handle->auth_context,
- ++seq_number);
-
- memset (key, 0, sizeof(key));
- memset (schedule, 0, sizeof(schedule));
-
- return GSS_S_COMPLETE;
-}
diff --git a/lib/gssapi/krb5/gssapi.h b/lib/gssapi/krb5/gssapi.h
deleted file mode 100644
index 95bcbf5a8f..0000000000
--- a/lib/gssapi/krb5/gssapi.h
+++ /dev/null
@@ -1,742 +0,0 @@
-/*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id$ */
-
-#ifndef GSSAPI_H_
-#define GSSAPI_H_
-
-/*
- * First, include stddef.h to get size_t defined.
- */
-#include <stddef.h>
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <sys/types.h>
-
-#include <krb5-types.h>
-
-/*
- * Now define the three implementation-dependent types.
- */
-
-typedef u_int32_t OM_uint32;
-
-/*
- * This is to avoid having to include <krb5.h>
- */
-
-struct krb5_auth_context_data;
-
-struct Principal;
-
-/* typedef void *gss_name_t; */
-
-typedef struct Principal *gss_name_t;
-
-typedef struct gss_ctx_id_t_desc_struct {
- struct krb5_auth_context_data *auth_context;
- gss_name_t source, target;
- OM_uint32 flags;
- enum { LOCAL = 1, OPEN = 2} more_flags;
- struct krb5_ticket *ticket;
-} gss_ctx_id_t_desc;
-
-typedef gss_ctx_id_t_desc *gss_ctx_id_t;
-
-typedef struct gss_OID_desc_struct {
- OM_uint32 length;
- void *elements;
-} gss_OID_desc, *gss_OID;
-
-typedef struct gss_OID_set_desc_struct {
- size_t count;
- gss_OID elements;
-} gss_OID_set_desc, *gss_OID_set;
-
-struct krb5_keytab_data;
-
-typedef int gss_cred_usage_t;
-
-typedef struct gss_cred_id_t_desc_struct {
- gss_name_t principal;
- struct krb5_keytab_data *keytab;
- OM_uint32 lifetime;
- gss_cred_usage_t usage;
- gss_OID_set mechanisms;
-} gss_cred_id_t_desc;
-
-typedef gss_cred_id_t_desc *gss_cred_id_t;
-
-typedef struct gss_buffer_desc_struct {
- size_t length;
- void *value;
-} gss_buffer_desc, *gss_buffer_t;
-
-typedef struct gss_channel_bindings_struct {
- OM_uint32 initiator_addrtype;
- gss_buffer_desc initiator_address;
- OM_uint32 acceptor_addrtype;
- gss_buffer_desc acceptor_address;
- gss_buffer_desc application_data;
-} *gss_channel_bindings_t;
-
-/*
- * For now, define a QOP-type as an OM_uint32
- */
-typedef OM_uint32 gss_qop_t;
-
-/*
- * Flag bits for context-level services.
- */
-#define GSS_C_DELEG_FLAG 1
-#define GSS_C_MUTUAL_FLAG 2
-#define GSS_C_REPLAY_FLAG 4
-#define GSS_C_SEQUENCE_FLAG 8
-#define GSS_C_CONF_FLAG 16
-#define GSS_C_INTEG_FLAG 32
-#define GSS_C_ANON_FLAG 64
-#define GSS_C_PROT_READY_FLAG 128
-#define GSS_C_TRANS_FLAG 256
-
-/*
- * Credential usage options
- */
-#define GSS_C_BOTH 0
-#define GSS_C_INITIATE 1
-#define GSS_C_ACCEPT 2
-
-/*
- * Status code types for gss_display_status
- */
-#define GSS_C_GSS_CODE 1
-#define GSS_C_MECH_CODE 2
-
-/*
- * The constant definitions for channel-bindings address families
- */
-#define GSS_C_AF_UNSPEC 0
-#define GSS_C_AF_LOCAL 1
-#define GSS_C_AF_INET 2
-#define GSS_C_AF_IMPLINK 3
-#define GSS_C_AF_PUP 4
-#define GSS_C_AF_CHAOS 5
-#define GSS_C_AF_NS 6
-#define GSS_C_AF_NBS 7
-#define GSS_C_AF_ECMA 8
-#define GSS_C_AF_DATAKIT 9
-#define GSS_C_AF_CCITT 10
-#define GSS_C_AF_SNA 11
-#define GSS_C_AF_DECnet 12
-#define GSS_C_AF_DLI 13
-#define GSS_C_AF_LAT 14
-#define GSS_C_AF_HYLINK 15
-#define GSS_C_AF_APPLETALK 16
-#define GSS_C_AF_BSC 17
-#define GSS_C_AF_DSS 18
-#define GSS_C_AF_OSI 19
-#define GSS_C_AF_X25 21
-#define GSS_C_AF_INET6 24
-
-#define GSS_C_AF_NULLADDR 255
-
-/*
- * Various Null values
- */
-#define GSS_C_NO_NAME ((gss_name_t) 0)
-#define GSS_C_NO_BUFFER ((gss_buffer_t) 0)
-#define GSS_C_NO_OID ((gss_OID) 0)
-#define GSS_C_NO_OID_SET ((gss_OID_set) 0)
-#define GSS_C_NO_CONTEXT ((gss_ctx_id_t) 0)
-#define GSS_C_NO_CREDENTIAL ((gss_cred_id_t) 0)
-#define GSS_C_NO_CHANNEL_BINDINGS ((gss_channel_bindings_t) 0)
-#define GSS_C_EMPTY_BUFFER {0, NULL}
-
-/*
- * Some alternate names for a couple of the above
- * values. These are defined for V1 compatibility.
- */
-#define GSS_C_NULL_OID GSS_C_NO_OID
-#define GSS_C_NULL_OID_SET GSS_C_NO_OID_SET
-
-/*
- * Define the default Quality of Protection for per-message
- * services. Note that an implementation that offers multiple
- * levels of QOP may define GSS_C_QOP_DEFAULT to be either zero
- * (as done here) to mean "default protection", or to a specific
- * explicit QOP value. However, a value of 0 should always be
- * interpreted by a GSSAPI implementation as a request for the
- * default protection level.
- */
-#define GSS_C_QOP_DEFAULT 0
-
-/*
- * Expiration time of 2^32-1 seconds means infinite lifetime for a
- * credential or security context
- */
-#define GSS_C_INDEFINITE 0xfffffffful
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- * "\x01\x02\x01\x01"},
- * corresponding to an object-identifier value of
- * {iso(1) member-body(2) United States(840) mit(113554)
- * infosys(1) gssapi(2) generic(1) user_name(1)}. The constant
- * GSS_C_NT_USER_NAME should be initialized to point
- * to that gss_OID_desc.
- */
-extern gss_OID GSS_C_NT_USER_NAME;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- * "\x01\x02\x01\x02"},
- * corresponding to an object-identifier value of
- * {iso(1) member-body(2) United States(840) mit(113554)
- * infosys(1) gssapi(2) generic(1) machine_uid_name(2)}.
- * The constant GSS_C_NT_MACHINE_UID_NAME should be
- * initialized to point to that gss_OID_desc.
- */
-extern gss_OID GSS_C_NT_MACHINE_UID_NAME;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- * "\x01\x02\x01\x03"},
- * corresponding to an object-identifier value of
- * {iso(1) member-body(2) United States(840) mit(113554)
- * infosys(1) gssapi(2) generic(1) string_uid_name(3)}.
- * The constant GSS_C_NT_STRING_UID_NAME should be
- * initialized to point to that gss_OID_desc.
- */
-extern gss_OID GSS_C_NT_STRING_UID_NAME;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {6, (void *)"\x2b\x06\x01\x05\x06\x02"},
- * corresponding to an object-identifier value of
- * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
- * 6(nametypes), 2(gss-host-based-services)}. The constant
- * GSS_C_NT_HOSTBASED_SERVICE should be initialized to point
- * to that gss_OID_desc.
- */
-extern gss_OID GSS_C_NT_HOSTBASED_SERVICE;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {6, (void *)"\x2b\x06\01\x05\x06\x03"},
- * corresponding to an object identifier value of
- * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
- * 6(nametypes), 3(gss-anonymous-name)}. The constant
- * and GSS_C_NT_ANONYMOUS should be initialized to point
- * to that gss_OID_desc.
- */
-extern gss_OID GSS_C_NT_ANONYMOUS;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {6, (void *)"\x2b\x06\x01\x05\x06\x04"},
- * corresponding to an object-identifier value of
- * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
- * 6(nametypes), 4(gss-api-exported-name)}. The constant
- * GSS_C_NT_EXPORT_NAME should be initialized to point
- * to that gss_OID_desc.
- */
-extern gss_OID GSS_C_NT_EXPORT_NAME;
-
-/*
- * This if for kerberos5 names.
- */
-
-extern gss_OID GSS_KRB5_NT_PRINCIPAL_NAME;
-extern gss_OID GSS_KRB5_NT_USER_NAME;
-extern gss_OID GSS_KRB5_NT_MACHINE_UID_NAME;
-extern gss_OID GSS_KRB5_NT_STRING_UID_NAME;
-
-extern gss_OID GSS_KRB5_MECHANISM;
-
-/* Major status codes */
-
-#define GSS_S_COMPLETE 0
-
-/*
- * Some "helper" definitions to make the status code macros obvious.
- */
-#define GSS_C_CALLING_ERROR_OFFSET 24
-#define GSS_C_ROUTINE_ERROR_OFFSET 16
-#define GSS_C_SUPPLEMENTARY_OFFSET 0
-#define GSS_C_CALLING_ERROR_MASK 0377ul
-#define GSS_C_ROUTINE_ERROR_MASK 0377ul
-#define GSS_C_SUPPLEMENTARY_MASK 0177777ul
-
-/*
- * The macros that test status codes for error conditions.
- * Note that the GSS_ERROR() macro has changed slightly from
- * the V1 GSSAPI so that it now evaluates its argument
- * only once.
- */
-#define GSS_CALLING_ERROR(x) \
- (x & (GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET))
-#define GSS_ROUTINE_ERROR(x) \
- (x & (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET))
-#define GSS_SUPPLEMENTARY_INFO(x) \
- (x & (GSS_C_SUPPLEMENTARY_MASK << GSS_C_SUPPLEMENTARY_OFFSET))
-#define GSS_ERROR(x) \
- (x & ((GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET) | \
- (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET)))
-
-/*
- * Now the actual status code definitions
- */
-
-/*
- * Calling errors:
- */
-#define GSS_S_CALL_INACCESSIBLE_READ \
- (1ul << GSS_C_CALLING_ERROR_OFFSET)
-#define GSS_S_CALL_INACCESSIBLE_WRITE \
- (2ul << GSS_C_CALLING_ERROR_OFFSET)
-#define GSS_S_CALL_BAD_STRUCTURE \
- (3ul << GSS_C_CALLING_ERROR_OFFSET)
-
-/*
- * Routine errors:
- */
-#define GSS_S_BAD_MECH (1ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_BAD_NAME (2ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_BAD_NAMETYPE (3ul << GSS_C_ROUTINE_ERROR_OFFSET)
-
-#define GSS_S_BAD_BINDINGS (4ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_BAD_STATUS (5ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_BAD_SIG (6ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_BAD_MIC GSS_S_BAD_SIG
-#define GSS_S_NO_CRED (7ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_NO_CONTEXT (8ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_DEFECTIVE_TOKEN (9ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_DEFECTIVE_CREDENTIAL (10ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_CREDENTIALS_EXPIRED (11ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_CONTEXT_EXPIRED (12ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_FAILURE (13ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_BAD_QOP (14ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_UNAUTHORIZED (15ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_UNAVAILABLE (16ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_DUPLICATE_ELEMENT (17ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_NAME_NOT_MN (18ul << GSS_C_ROUTINE_ERROR_OFFSET)
-
-/*
- * Supplementary info bits:
- */
-#define GSS_S_CONTINUE_NEEDED (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 0))
-#define GSS_S_DUPLICATE_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 1))
-#define GSS_S_OLD_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 2))
-#define GSS_S_UNSEQ_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 3))
-#define GSS_S_GAP_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 4))
-
-/*
- * From RFC1964:
- *
- * 4.1.1. Non-Kerberos-specific codes
- */
-
-#define GSS_KRB5_S_G_BAD_SERVICE_NAME 1
- /* "No @ in SERVICE-NAME name string" */
-#define GSS_KRB5_S_G_BAD_STRING_UID 2
- /* "STRING-UID-NAME contains nondigits" */
-#define GSS_KRB5_S_G_NOUSER 3
- /* "UID does not resolve to username" */
-#define GSS_KRB5_S_G_VALIDATE_FAILED 4
- /* "Validation error" */
-#define GSS_KRB5_S_G_BUFFER_ALLOC 5
- /* "Couldn't allocate gss_buffer_t data" */
-#define GSS_KRB5_S_G_BAD_MSG_CTX 6
- /* "Message context invalid" */
-#define GSS_KRB5_S_G_WRONG_SIZE 7
- /* "Buffer is the wrong size" */
-#define GSS_KRB5_S_G_BAD_USAGE 8
- /* "Credential usage type is unknown" */
-#define GSS_KRB5_S_G_UNKNOWN_QOP 9
- /* "Unknown quality of protection specified" */
-
- /*
- * 4.1.2. Kerberos-specific-codes
- */
-
-#define GSS_KRB5_S_KG_CCACHE_NOMATCH 10
- /* "Principal in credential cache does not match desired name" */
-#define GSS_KRB5_S_KG_KEYTAB_NOMATCH 11
- /* "No principal in keytab matches desired name" */
-#define GSS_KRB5_S_KG_TGT_MISSING 12
- /* "Credential cache has no TGT" */
-#define GSS_KRB5_S_KG_NO_SUBKEY 13
- /* "Authenticator has no subkey" */
-#define GSS_KRB5_S_KG_CONTEXT_ESTABLISHED 14
- /* "Context is already fully established" */
-#define GSS_KRB5_S_KG_BAD_SIGN_TYPE 15
- /* "Unknown signature type in token" */
-#define GSS_KRB5_S_KG_BAD_LENGTH 16
- /* "Invalid field length in token" */
-#define GSS_KRB5_S_KG_CTX_INCOMPLETE 17
- /* "Attempt to use incomplete security context" */
-
-/*
- * Finally, function prototypes for the GSS-API routines.
- */
-
-OM_uint32 gss_acquire_cred
- (OM_uint32 * minor_status,
- const gss_name_t desired_name,
- OM_uint32 time_req,
- const gss_OID_set desired_mechs,
- gss_cred_usage_t cred_usage,
- gss_cred_id_t * output_cred_handle,
- gss_OID_set * actual_mechs,
- OM_uint32 * time_rec
- );
-
-OM_uint32 gss_release_cred
- (OM_uint32 * minor_status,
- gss_cred_id_t * cred_handle
- );
-
-OM_uint32 gss_init_sec_context
- (OM_uint32 * minor_status,
- const gss_cred_id_t initiator_cred_handle,
- gss_ctx_id_t * context_handle,
- const gss_name_t target_name,
- const gss_OID mech_type,
- OM_uint32 req_flags,
- OM_uint32 time_req,
- const gss_channel_bindings_t input_chan_bindings,
- const gss_buffer_t input_token,
- gss_OID * actual_mech_type,
- gss_buffer_t output_token,
- OM_uint32 * ret_flags,
- OM_uint32 * time_rec
- );
-
-OM_uint32 gss_accept_sec_context
- (OM_uint32 * minor_status,
- gss_ctx_id_t * context_handle,
- const gss_cred_id_t acceptor_cred_handle,
- const gss_buffer_t input_token_buffer,
- const gss_channel_bindings_t input_chan_bindings,
- gss_name_t * src_name,
- gss_OID * mech_type,
- gss_buffer_t output_token,
- OM_uint32 * ret_flags,
- OM_uint32 * time_rec,
- gss_cred_id_t * delegated_cred_handle
- );
-
-OM_uint32 gss_process_context_token
- (OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
- const gss_buffer_t token_buffer
- );
-
-OM_uint32 gss_delete_sec_context
- (OM_uint32 * minor_status,
- gss_ctx_id_t * context_handle,
- gss_buffer_t output_token
- );
-
-OM_uint32 gss_context_time
- (OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
- OM_uint32 * time_rec
- );
-
-OM_uint32 gss_get_mic
- (OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
- gss_qop_t qop_req,
- const gss_buffer_t message_buffer,
- gss_buffer_t message_token
- );
-
-OM_uint32 gss_verify_mic
- (OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
- const gss_buffer_t message_buffer,
- const gss_buffer_t token_buffer,
- gss_qop_t * qop_state
- );
-
-OM_uint32 gss_wrap
- (OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
- int conf_req_flag,
- gss_qop_t qop_req,
- const gss_buffer_t input_message_buffer,
- int * conf_state,
- gss_buffer_t output_message_buffer
- );
-
-OM_uint32 gss_unwrap
- (OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
- const gss_buffer_t input_message_buffer,
- gss_buffer_t output_message_buffer,
- int * conf_state,
- gss_qop_t * qop_state
- );
-
-OM_uint32 gss_display_status
- (OM_uint32 * minor_status,
- OM_uint32 status_value,
- int status_type,
- const gss_OID mech_type,
- OM_uint32 * message_context,
- gss_buffer_t status_string
- );
-
-OM_uint32 gss_indicate_mechs
- (OM_uint32 * minor_status,
- gss_OID_set * mech_set
- );
-
-OM_uint32 gss_compare_name
- (OM_uint32 * minor_status,
- const gss_name_t name1,
- const gss_name_t name2,
- int * name_equal
- );
-
-OM_uint32 gss_display_name
- (OM_uint32 * minor_status,
- const gss_name_t input_name,
- gss_buffer_t output_name_buffer,
- gss_OID * output_name_type
- );
-
-OM_uint32 gss_import_name
- (OM_uint32 * minor_status,
- const gss_buffer_t input_name_buffer,
- const gss_OID input_name_type,
- gss_name_t * output_name
- );
-
-OM_uint32 gss_export_name
- (OM_uint32 * minor_status,
- const gss_name_t input_name,
- gss_buffer_t exported_name
- );
-
-OM_uint32 gss_release_name
- (OM_uint32 * minor_status,
- gss_name_t * input_name
- );
-
-OM_uint32 gss_release_buffer
- (OM_uint32 * minor_status,
- gss_buffer_t buffer
- );
-
-OM_uint32 gss_release_oid_set
- (OM_uint32 * minor_status,
- gss_OID_set * set
- );
-
-OM_uint32 gss_inquire_cred
- (OM_uint32 * minor_status,
- const gss_cred_id_t cred_handle,
- gss_name_t * name,
- OM_uint32 * lifetime,
- gss_cred_usage_t * cred_usage,
- gss_OID_set * mechanisms
- );
-
-OM_uint32 gss_inquire_context (
- OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
- gss_name_t * src_name,
- gss_name_t * targ_name,
- OM_uint32 * lifetime_rec,
- gss_OID * mech_type,
- OM_uint32 * ctx_flags,
- int * locally_initiated,
- int * open
- );
-
-OM_uint32 gss_wrap_size_limit (
- OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
- int conf_req_flag,
- gss_qop_t qop_req,
- OM_uint32 req_output_size,
- OM_uint32 * max_input_size
- );
-
-OM_uint32 gss_add_cred (
- OM_uint32 * minor_status,
- const gss_cred_id_t input_cred_handle,
- const gss_name_t desired_name,
- const gss_OID desired_mech,
- gss_cred_usage_t cred_usage,
- OM_uint32 initiator_time_req,
- OM_uint32 acceptor_time_req,
- gss_cred_id_t * output_cred_handle,
- gss_OID_set * actual_mechs,
- OM_uint32 * initiator_time_rec,
- OM_uint32 * acceptor_time_rec
- );
-
-OM_uint32 gss_inquire_cred_by_mech (
- OM_uint32 * minor_status,
- const gss_cred_id_t cred_handle,
- const gss_OID mech_type,
- gss_name_t * name,
- OM_uint32 * initiator_lifetime,
- OM_uint32 * acceptor_lifetime,
- gss_cred_usage_t * cred_usage
- );
-
-OM_uint32 gss_export_sec_context (
- OM_uint32 * minor_status,
- gss_ctx_id_t * context_handle,
- gss_buffer_t interprocess_token
- );
-
-OM_uint32 gss_import_sec_context (
- OM_uint32 * minor_status,
- const gss_buffer_t interprocess_token,
- gss_ctx_id_t * context_handle
- );
-
-OM_uint32 gss_create_empty_oid_set (
- OM_uint32 * minor_status,
- gss_OID_set * oid_set
- );
-
-OM_uint32 gss_add_oid_set_member (
- OM_uint32 * minor_status,
- const gss_OID member_oid,
- gss_OID_set * oid_set
- );
-
-OM_uint32 gss_test_oid_set_member (
- OM_uint32 * minor_status,
- const gss_OID member,
- const gss_OID_set set,
- int * present
- );
-
-OM_uint32 gss_inquire_names_for_mech (
- OM_uint32 * minor_status,
- const gss_OID mechanism,
- gss_OID_set * name_types
- );
-
-OM_uint32 gss_inquire_mechs_for_name (
- OM_uint32 * minor_status,
- const gss_name_t input_name,
- gss_OID_set * mech_types
- );
-
-OM_uint32 gss_canonicalize_name (
- OM_uint32 * minor_status,
- const gss_name_t input_name,
- const gss_OID mech_type,
- gss_name_t * output_name
- );
-
-OM_uint32 gss_duplicate_name (
- OM_uint32 * minor_status,
- const gss_name_t src_name,
- gss_name_t * dest_name
- );
-
-/*
- * The following routines are obsolete variants of gss_get_mic,
- * gss_verify_mic, gss_wrap and gss_unwrap. They should be
- * provided by GSSAPI V2 implementations for backwards
- * compatibility with V1 applications. Distinct entrypoints
- * (as opposed to #defines) should be provided, both to allow
- * GSSAPI V1 applications to link against GSSAPI V2 implementations,
- * and to retain the slight parameter type differences between the
- * obsolete versions of these routines and their current forms.
- */
-
-OM_uint32 gss_sign
- (OM_uint32 * minor_status,
- gss_ctx_id_t context_handle,
- int qop_req,
- gss_buffer_t message_buffer,
- gss_buffer_t message_token
- );
-
-OM_uint32 gss_verify
- (OM_uint32 * minor_status,
- gss_ctx_id_t context_handle,
- gss_buffer_t message_buffer,
- gss_buffer_t token_buffer,
- int * qop_state
- );
-
-OM_uint32 gss_seal
- (OM_uint32 * minor_status,
- gss_ctx_id_t context_handle,
- int conf_req_flag,
- int qop_req,
- gss_buffer_t input_message_buffer,
- int * conf_state,
- gss_buffer_t output_message_buffer
- );
-
-OM_uint32 gss_unseal
- (OM_uint32 * minor_status,
- gss_ctx_id_t context_handle,
- gss_buffer_t input_message_buffer,
- gss_buffer_t output_message_buffer,
- int * conf_state,
- int * qop_state
- );
-
-/*
- * kerberos mechanism specific functions
- */
-
-OM_uint32 gsskrb5_register_acceptor_identity
- (char *identity);
-
-#endif /* GSSAPI_H_ */
diff --git a/lib/gssapi/krb5/gssapi_locl.h b/lib/gssapi/krb5/gssapi_locl.h
deleted file mode 100644
index e9c1de12da..0000000000
--- a/lib/gssapi/krb5/gssapi_locl.h
+++ /dev/null
@@ -1,89 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id$ */
-
-#ifndef GSSAPI_LOCL_H
-#define GSSAPI_LOCL_H
-
-#include <krb5_locl.h>
-#include <gssapi.h>
-
-extern krb5_context gssapi_krb5_context;
-
-void gssapi_krb5_init (void);
-
-krb5_error_code
-gssapi_krb5_create_8003_checksum (
- const gss_channel_bindings_t input_chan_bindings,
- OM_uint32 flags,
- Checksum *result);
-
-krb5_error_code
-gssapi_krb5_verify_8003_checksum (
- const gss_channel_bindings_t input_chan_bindings,
- Checksum *cksum,
- OM_uint32 *flags);
-
-OM_uint32
-gssapi_krb5_encapsulate(
- krb5_data *in_data,
- gss_buffer_t output_token,
- u_char *type);
-
-OM_uint32
-gssapi_krb5_decapsulate(
- gss_buffer_t input_token_buffer,
- krb5_data *out_data,
- char *type);
-
-void
-gssapi_krb5_encap_length (size_t data_len,
- size_t *len,
- size_t *total_len);
-
-u_char *
-gssapi_krb5_make_header (u_char *p,
- size_t len,
- u_char *type);
-
-OM_uint32
-gssapi_krb5_verify_header(u_char **str,
- size_t total_len,
- char *type);
-
-OM_uint32
-gss_krb5_getsomekey(const gss_ctx_id_t context_handle,
- des_cblock *key);
-
-#endif
diff --git a/lib/gssapi/krb5/import_name.c b/lib/gssapi/krb5/import_name.c
deleted file mode 100644
index 89c0a13a9f..0000000000
--- a/lib/gssapi/krb5/import_name.c
+++ /dev/null
@@ -1,137 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id$");
-
-static OM_uint32
-import_krb5_name (OM_uint32 *minor_status,
- const gss_buffer_t input_name_buffer,
- gss_name_t *output_name)
-{
- krb5_error_code kerr;
- char *tmp;
-
- tmp = malloc (input_name_buffer->length + 1);
- if (tmp == NULL)
- return GSS_S_FAILURE;
- memcpy (tmp,
- input_name_buffer->value,
- input_name_buffer->length);
- tmp[input_name_buffer->length] = '\0';
-
- kerr = krb5_parse_name (gssapi_krb5_context,
- tmp,
- output_name);
- free (tmp);
- if (kerr == 0)
- return GSS_S_COMPLETE;
- else if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED)
- return GSS_S_BAD_NAME;
- else
- return GSS_S_FAILURE;
-}
-
-static OM_uint32
-import_hostbased_name (OM_uint32 *minor_status,
- const gss_buffer_t input_name_buffer,
- gss_name_t *output_name)
-{
- krb5_error_code kerr;
- char *tmp;
- char *p;
- char *host;
- char local_hostname[MAXHOSTNAMELEN];
-
- tmp = malloc (input_name_buffer->length + 1);
- if (tmp == NULL) {
- *minor_status = ENOMEM;
- return GSS_S_FAILURE;
- }
- memcpy (tmp,
- input_name_buffer->value,
- input_name_buffer->length);
- tmp[input_name_buffer->length] = '\0';
-
- p = strchr (tmp, '@');
- if (p != NULL) {
- *p = '\0';
- host = p + 1;
- } else {
- if (gethostname(local_hostname, sizeof(local_hostname)) < 0) {
- *minor_status = errno;
- free (tmp);
- return GSS_S_FAILURE;
- }
- host = local_hostname;
- }
-
- kerr = krb5_sname_to_principal (gssapi_krb5_context,
- host,
- tmp,
- KRB5_NT_SRV_HST,
- output_name);
- free (tmp);
- *minor_status = kerr;
- if (kerr == 0)
- return GSS_S_COMPLETE;
- else if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED)
- return GSS_S_BAD_NAME;
- else
- return GSS_S_FAILURE;
-}
-
-OM_uint32 gss_import_name
- (OM_uint32 * minor_status,
- const gss_buffer_t input_name_buffer,
- const gss_OID input_name_type,
- gss_name_t * output_name
- )
-{
- gssapi_krb5_init ();
-
- if (input_name_type == GSS_C_NT_HOSTBASED_SERVICE)
- return import_hostbased_name (minor_status,
- input_name_buffer,
- output_name);
- else if (input_name_type == GSS_C_NO_OID
- || input_name_type == GSS_C_NT_USER_NAME
- || input_name_type == GSS_KRB5_NT_PRINCIPAL_NAME)
- /* default printable syntax */
- return import_krb5_name (minor_status,
- input_name_buffer,
- output_name);
- else
- return GSS_S_BAD_NAMETYPE;
-}
diff --git a/lib/gssapi/krb5/indicate_mechs.c b/lib/gssapi/krb5/indicate_mechs.c
deleted file mode 100644
index 5fd2cace0f..0000000000
--- a/lib/gssapi/krb5/indicate_mechs.c
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id$");
-
-OM_uint32 gss_indicate_mechs
- (OM_uint32 * minor_status,
- gss_OID_set * mech_set
- )
-{
- *mech_set = malloc(sizeof(**mech_set));
- if (*mech_set == NULL) {
- return GSS_S_FAILURE;
- }
- (*mech_set)->count = 1;
- (*mech_set)->elements = malloc((*mech_set)->count * sizeof(gss_OID_desc));
- if ((*mech_set)->elements == NULL) {
- free (*mech_set);
- return GSS_S_FAILURE;
- }
- (*mech_set)->elements[0] = *GSS_KRB5_MECHANISM;
- return GSS_S_COMPLETE;
-}
diff --git a/lib/gssapi/krb5/init.c b/lib/gssapi/krb5/init.c
deleted file mode 100644
index 00be8420ed..0000000000
--- a/lib/gssapi/krb5/init.c
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Copyright (c) 1997, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id$");
-
-void
-gssapi_krb5_init (void)
-{
- if(gssapi_krb5_context == NULL)
- krb5_init_context (&gssapi_krb5_context);
-}
diff --git a/lib/gssapi/krb5/init_sec_context.c b/lib/gssapi/krb5/init_sec_context.c
deleted file mode 100644
index cb77ac0b4b..0000000000
--- a/lib/gssapi/krb5/init_sec_context.c
+++ /dev/null
@@ -1,356 +0,0 @@
-/*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id$");
-
-static OM_uint32
-init_auth
- (OM_uint32 * minor_status,
- const gss_cred_id_t initiator_cred_handle,
- gss_ctx_id_t * context_handle,
- const gss_name_t target_name,
- const gss_OID mech_type,
- OM_uint32 req_flags,
- OM_uint32 time_req,
- const gss_channel_bindings_t input_chan_bindings,
- const gss_buffer_t input_token,
- gss_OID * actual_mech_type,
- gss_buffer_t output_token,
- OM_uint32 * ret_flags,
- OM_uint32 * time_rec
- )
-{
- OM_uint32 ret = GSS_S_FAILURE;
- krb5_error_code kret;
- krb5_flags ap_options;
- krb5_creds this_cred, *cred;
- krb5_data outbuf;
- krb5_ccache ccache;
- u_int32_t flags;
- Authenticator *auth;
- krb5_data authenticator;
- Checksum cksum;
- krb5_enctype enctype;
-
- outbuf.length = 0;
- outbuf.data = NULL;
-
- *minor_status = 0;
-
- *context_handle = malloc(sizeof(**context_handle));
- if (*context_handle == NULL) {
- *minor_status = ENOMEM;
- return GSS_S_FAILURE;
- }
-
- (*context_handle)->auth_context = NULL;
- (*context_handle)->source = NULL;
- (*context_handle)->target = NULL;
- (*context_handle)->flags = 0;
- (*context_handle)->more_flags = 0;
- (*context_handle)->ticket = NULL;
-
- kret = krb5_auth_con_init (gssapi_krb5_context,
- &(*context_handle)->auth_context);
- if (kret) {
- *minor_status = kret;
- ret = GSS_S_FAILURE;
- goto failure;
- }
-
- {
- int32_t tmp;
-
- krb5_auth_con_getflags(gssapi_krb5_context,
- (*context_handle)->auth_context,
- &tmp);
- tmp |= KRB5_AUTH_CONTEXT_DO_SEQUENCE;
- krb5_auth_con_setflags(gssapi_krb5_context,
- (*context_handle)->auth_context,
- tmp);
- }
-
- if (actual_mech_type)
- *actual_mech_type = GSS_KRB5_MECHANISM;
-
- flags = 0;
- ap_options = 0;
- if (req_flags & GSS_C_DELEG_FLAG)
- ; /* XXX */
- if (req_flags & GSS_C_MUTUAL_FLAG) {
- flags |= GSS_C_MUTUAL_FLAG;
- ap_options |= AP_OPTS_MUTUAL_REQUIRED;
- }
- if (req_flags & GSS_C_REPLAY_FLAG)
- ; /* XXX */
- if (req_flags & GSS_C_SEQUENCE_FLAG)
- ; /* XXX */
- if (req_flags & GSS_C_ANON_FLAG)
- ; /* XXX */
- flags |= GSS_C_CONF_FLAG;
- flags |= GSS_C_INTEG_FLAG;
- flags |= GSS_C_SEQUENCE_FLAG;
-
- if (ret_flags)
- *ret_flags = flags;
- (*context_handle)->flags = flags;
- (*context_handle)->more_flags = LOCAL;
-
- kret = krb5_cc_default (gssapi_krb5_context, &ccache);
- if (kret) {
- *minor_status = kret;
- ret = GSS_S_FAILURE;
- goto failure;
- }
-
- kret = krb5_cc_get_principal (gssapi_krb5_context,
- ccache,
- &(*context_handle)->source);
- if (kret) {
- *minor_status = kret;
- ret = GSS_S_FAILURE;
- goto failure;
- }
-
- kret = krb5_copy_principal (gssapi_krb5_context,
- target_name,
- &(*context_handle)->target);
- if (kret) {
- *minor_status = kret;
- ret = GSS_S_FAILURE;
- goto failure;
- }
-
- memset(&this_cred, 0, sizeof(this_cred));
- this_cred.client = (*context_handle)->source;
- this_cred.server = (*context_handle)->target;
- this_cred.times.endtime = 0;
- this_cred.session.keytype = ETYPE_DES_CBC_CRC;
-
- kret = krb5_get_credentials (gssapi_krb5_context,
- KRB5_TC_MATCH_KEYTYPE,
- ccache,
- &this_cred,
- &cred);
-
- if (kret) {
- *minor_status = kret;
- ret = GSS_S_FAILURE;
- goto failure;
- }
-
- krb5_auth_con_setkey(gssapi_krb5_context,
- (*context_handle)->auth_context,
- &cred->session);
-
- kret = gssapi_krb5_create_8003_checksum (input_chan_bindings,
- flags,
- &cksum);
- if (kret) {
- *minor_status = kret;
- ret = GSS_S_FAILURE;
- goto failure;
- }
-
-#if 1
- enctype = (*context_handle)->auth_context->keyblock->keytype;
-#else
- if ((*context_handle)->auth_context->enctype)
- enctype = (*context_handle)->auth_context->enctype;
- else {
- kret = krb5_keytype_to_enctype(gssapi_krb5_context,
- (*context_handle)->auth_context->keyblock->keytype,
- &enctype);
- if (kret)
- return kret;
- }
-#endif
-
-
-
- kret = krb5_build_authenticator (gssapi_krb5_context,
- (*context_handle)->auth_context,
- enctype,
- cred,
- &cksum,
- &auth,
- &authenticator);
-
- if (kret) {
- *minor_status = kret;
- ret = GSS_S_FAILURE;
- goto failure;
- }
-
- kret = krb5_build_ap_req (gssapi_krb5_context,
- enctype,
- cred,
- ap_options,
- authenticator,
- &outbuf);
-
- if (kret) {
- *minor_status = kret;
- ret = GSS_S_FAILURE;
- goto failure;
- }
-
- ret = gssapi_krb5_encapsulate (&outbuf,
- output_token,
- "\x01\x00");
- if (ret) {
- *minor_status = kret;
- goto failure;
- }
-
- if (flags & GSS_C_MUTUAL_FLAG) {
- return GSS_S_CONTINUE_NEEDED;
- } else {
- (*context_handle)->more_flags |= OPEN;
- return GSS_S_COMPLETE;
- }
-
-failure:
- krb5_auth_con_free (gssapi_krb5_context,
- (*context_handle)->auth_context);
- if((*context_handle)->source)
- krb5_free_principal (gssapi_krb5_context,
- (*context_handle)->source);
- if((*context_handle)->target)
- krb5_free_principal (gssapi_krb5_context,
- (*context_handle)->target);
- free (*context_handle);
- krb5_data_free (&outbuf);
- *context_handle = GSS_C_NO_CONTEXT;
- return ret;
-}
-
-static OM_uint32
-repl_mutual
- (OM_uint32 * minor_status,
- const gss_cred_id_t initiator_cred_handle,
- gss_ctx_id_t * context_handle,
- const gss_name_t target_name,
- const gss_OID mech_type,
- OM_uint32 req_flags,
- OM_uint32 time_req,
- const gss_channel_bindings_t input_chan_bindings,
- const gss_buffer_t input_token,
- gss_OID * actual_mech_type,
- gss_buffer_t output_token,
- OM_uint32 * ret_flags,
- OM_uint32 * time_rec
- )
-{
- OM_uint32 ret;
- krb5_error_code kret;
- krb5_data indata;
- krb5_ap_rep_enc_part *repl;
-
- ret = gssapi_krb5_decapsulate (input_token,
- &indata,
- "\x02\x00");
- if (ret) {
- /* XXX - Handle AP_ERROR */
- return GSS_S_FAILURE;
- }
-
- kret = krb5_rd_rep (gssapi_krb5_context,
- (*context_handle)->auth_context,
- &indata,
- &repl);
- if (kret)
- return GSS_S_FAILURE;
- krb5_free_ap_rep_enc_part (gssapi_krb5_context,
- repl);
-
- output_token->length = 0;
-
- (*context_handle)->more_flags |= OPEN;
-
- return GSS_S_COMPLETE;
-}
-
-/*
- * gss_init_sec_context
- */
-
-OM_uint32 gss_init_sec_context
- (OM_uint32 * minor_status,
- const gss_cred_id_t initiator_cred_handle,
- gss_ctx_id_t * context_handle,
- const gss_name_t target_name,
- const gss_OID mech_type,
- OM_uint32 req_flags,
- OM_uint32 time_req,
- const gss_channel_bindings_t input_chan_bindings,
- const gss_buffer_t input_token,
- gss_OID * actual_mech_type,
- gss_buffer_t output_token,
- OM_uint32 * ret_flags,
- OM_uint32 * time_rec
- )
-{
- gssapi_krb5_init ();
-
- if (input_token == GSS_C_NO_BUFFER || input_token->length == 0)
- return init_auth (minor_status,
- initiator_cred_handle,
- context_handle,
- target_name,
- mech_type,
- req_flags,
- time_req,
- input_chan_bindings,
- input_token,
- actual_mech_type,
- output_token,
- ret_flags,
- time_rec);
- else
- return repl_mutual(minor_status,
- initiator_cred_handle,
- context_handle,
- target_name,
- mech_type,
- req_flags,
- time_req,
- input_chan_bindings,
- input_token,
- actual_mech_type,
- output_token,
- ret_flags,
- time_rec);
-}
diff --git a/lib/gssapi/krb5/inquire_context.c b/lib/gssapi/krb5/inquire_context.c
deleted file mode 100644
index ce040773d2..0000000000
--- a/lib/gssapi/krb5/inquire_context.c
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id$");
-
-OM_uint32 gss_inquire_context (
- OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
- gss_name_t * src_name,
- gss_name_t * targ_name,
- OM_uint32 * lifetime_rec,
- gss_OID * mech_type,
- OM_uint32 * ctx_flags,
- int * locally_initiated,
- int * open
- )
-{
- OM_uint32 ret;
-
- if (src_name) {
- ret = gss_duplicate_name (minor_status,
- context_handle->source,
- src_name);
- if (ret)
- return ret;
- }
-
- if (targ_name) {
- ret = gss_duplicate_name (minor_status,
- context_handle->target,
- targ_name);
- if (ret)
- return ret;
- }
-
- if (lifetime_rec)
- *lifetime_rec = GSS_C_INDEFINITE;
-
- if (mech_type)
- *mech_type = GSS_KRB5_MECHANISM;
-
- if (ctx_flags)
- *ctx_flags = context_handle->flags;
-
- if (locally_initiated)
- *locally_initiated = context_handle->more_flags & LOCAL;
-
- if (open)
- *open = context_handle->more_flags & OPEN;
-
- return GSS_S_COMPLETE;
-}
diff --git a/lib/gssapi/krb5/inquire_cred.c b/lib/gssapi/krb5/inquire_cred.c
deleted file mode 100644
index fd24f74d13..0000000000
--- a/lib/gssapi/krb5/inquire_cred.c
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id$");
-
-OM_uint32 gss_inquire_cred
- (OM_uint32 * minor_status,
- const gss_cred_id_t cred_handle,
- gss_name_t * name,
- OM_uint32 * lifetime,
- gss_cred_usage_t * cred_usage,
- gss_OID_set * mechanisms
- )
-{
- OM_uint32 ret;
-
- if (cred_handle == GSS_C_NO_CREDENTIAL) {
- return GSS_S_FAILURE;
- }
-
- if (name != NULL) {
- ret = gss_duplicate_name(minor_status, cred_handle->principal, name);
- if (ret) {
- return ret;
- }
- }
- if (lifetime != NULL) {
- *lifetime = cred_handle->lifetime;
- }
- if (cred_usage != NULL) {
- *cred_usage = cred_handle->usage;
- }
- if (mechanisms != NULL) {
- ret = gss_create_empty_oid_set(minor_status, mechanisms);
- if (ret) {
- return ret;
- }
- ret = gss_add_oid_set_member(minor_status,
- &cred_handle->mechanisms->elements[0],
- mechanisms);
- if (ret) {
- return ret;
- }
- }
- return GSS_S_COMPLETE;
-}
diff --git a/lib/gssapi/krb5/release_buffer.c b/lib/gssapi/krb5/release_buffer.c
deleted file mode 100644
index 755edbbd27..0000000000
--- a/lib/gssapi/krb5/release_buffer.c
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id$");
-
-OM_uint32 gss_release_buffer
- (OM_uint32 * minor_status,
- gss_buffer_t buffer
- )
-{
- free (buffer->value);
- buffer->length = 0;
- return GSS_S_COMPLETE;
-}
diff --git a/lib/gssapi/krb5/release_cred.c b/lib/gssapi/krb5/release_cred.c
deleted file mode 100644
index f95d8c717b..0000000000
--- a/lib/gssapi/krb5/release_cred.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 1997, 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id$");
-
-OM_uint32 gss_release_cred
- (OM_uint32 * minor_status,
- gss_cred_id_t * cred_handle
- )
-{
- if (*cred_handle == GSS_C_NO_CREDENTIAL) {
- return GSS_S_COMPLETE;
- }
-
- gssapi_krb5_init ();
-
- krb5_free_principal(gssapi_krb5_context, (*cred_handle)->principal);
- if ((*cred_handle)->keytab != NULL)
- krb5_kt_close(gssapi_krb5_context, (*cred_handle)->keytab);
- gss_release_oid_set(NULL, &(*cred_handle)->mechanisms);
- free(*cred_handle);
- *cred_handle = GSS_C_NO_CREDENTIAL;
- return GSS_S_COMPLETE;
-}
-
diff --git a/lib/gssapi/krb5/release_name.c b/lib/gssapi/krb5/release_name.c
deleted file mode 100644
index 2558069f7e..0000000000
--- a/lib/gssapi/krb5/release_name.c
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id$");
-
-OM_uint32 gss_release_name
- (OM_uint32 * minor_status,
- gss_name_t * input_name
- )
-{
- gssapi_krb5_init ();
- krb5_free_principal(gssapi_krb5_context,
- *input_name);
- return GSS_S_COMPLETE;
-}
diff --git a/lib/gssapi/krb5/release_oid_set.c b/lib/gssapi/krb5/release_oid_set.c
deleted file mode 100644
index 57a50d62f2..0000000000
--- a/lib/gssapi/krb5/release_oid_set.c
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id$");
-
-OM_uint32 gss_release_oid_set
- (OM_uint32 * minor_status,
- gss_OID_set * set
- )
-{
- free ((*set)->elements);
- free (*set);
- return GSS_S_COMPLETE;
-}
diff --git a/lib/gssapi/krb5/test_oid_set_member.c b/lib/gssapi/krb5/test_oid_set_member.c
deleted file mode 100644
index 6b1d961e56..0000000000
--- a/lib/gssapi/krb5/test_oid_set_member.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id$");
-
-OM_uint32 gss_test_oid_set_member (
- OM_uint32 * minor_status,
- const gss_OID member,
- const gss_OID_set set,
- int * present
- )
-{
- size_t i;
-
- *present = 0;
- for (i = 0; i < set->count; ++i)
- if (member->length == set->elements[i].length
- && memcmp (member->elements,
- set->elements[i].elements,
- member->length) == 0) {
- *present = 1;
- break;
- }
- return GSS_S_COMPLETE;
-}
diff --git a/lib/gssapi/krb5/unwrap.c b/lib/gssapi/krb5/unwrap.c
deleted file mode 100644
index f36bce52b4..0000000000
--- a/lib/gssapi/krb5/unwrap.c
+++ /dev/null
@@ -1,190 +0,0 @@
-/*
- * Copyright (c) 1997, 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id$");
-
-OM_uint32
-gss_krb5_getsomekey(const gss_ctx_id_t context_handle,
- des_cblock *key)
-{
- /* XXX this is ugly, and probably incorrect... */
- krb5_keyblock *skey;
- krb5_auth_con_getlocalsubkey(gssapi_krb5_context,
- context_handle->auth_context,
- &skey);
- if(skey == NULL)
- krb5_auth_con_getremotesubkey(gssapi_krb5_context,
- context_handle->auth_context,
- &skey);
- if(skey == NULL)
- krb5_auth_con_getkey(gssapi_krb5_context,
- context_handle->auth_context,
- &skey);
- if(skey == NULL)
- return GSS_S_FAILURE;
- memcpy(key, skey->keyvalue.data, sizeof(*key));
- krb5_free_keyblock(gssapi_krb5_context, skey);
- return 0;
-}
-
-OM_uint32 gss_unwrap
- (OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
- const gss_buffer_t input_message_buffer,
- gss_buffer_t output_message_buffer,
- int * conf_state,
- gss_qop_t * qop_state
- )
-{
- u_char *p, *pad;
- size_t len;
- struct md5 md5;
- u_char hash[16], seq_data[8];
- des_key_schedule schedule;
- des_cblock key;
- des_cblock zero;
- int i;
- int32_t seq_number;
- size_t padlength;
- OM_uint32 ret;
- int cstate;
-
- p = input_message_buffer->value;
- ret = gssapi_krb5_verify_header (&p,
- input_message_buffer->length,
- "\x02\x01");
- if (ret)
- return ret;
-
- if (memcmp (p, "\x00\x00", 2) != 0)
- return GSS_S_BAD_SIG;
- p += 2;
- if (memcmp (p, "\x00\x00", 2) == 0) {
- cstate = 1;
- } else if (memcmp (p, "\xFF\xFF", 2) == 0) {
- cstate = 0;
- } else
- return GSS_S_BAD_MIC;
- p += 2;
- if(conf_state != NULL)
- *conf_state = cstate;
- if (memcmp (p, "\xff\xff", 2) != 0)
- return GSS_S_DEFECTIVE_TOKEN;
- p += 2;
- p += 16;
-
- len = p - (u_char *)input_message_buffer->value;
-
- if(cstate) {
- /* decrypt data */
- gss_krb5_getsomekey(context_handle, &key);
- for (i = 0; i < sizeof(key); ++i)
- key[i] ^= 0xf0;
- des_set_key (&key, schedule);
- memset (&zero, 0, sizeof(zero));
- des_cbc_encrypt ((des_cblock *)p,
- (des_cblock *)p,
- input_message_buffer->length - len,
- schedule,
- &zero,
- DES_DECRYPT);
-
- memset (key, 0, sizeof(key));
- memset (schedule, 0, sizeof(schedule));
- }
- /* check pad */
-
- pad = (u_char *)input_message_buffer->value + input_message_buffer->length - 1;
- padlength = *pad;
-
- for (i = padlength; i > 0 && *pad == padlength; i--, pad--)
- ;
- if (i != 0)
- return GSS_S_BAD_MIC;
-
- md5_init (&md5);
- md5_update (&md5, p - 24, 8);
- md5_update (&md5, p, input_message_buffer->length - len);
- md5_finito (&md5, hash);
-
- memset (&zero, 0, sizeof(zero));
- gss_krb5_getsomekey(context_handle, &key);
- des_set_key (&key, schedule);
- des_cbc_cksum ((des_cblock *)hash,
- (des_cblock *)hash, sizeof(hash), schedule, &zero);
- if (memcmp (p - 8, hash, 8) != 0)
- return GSS_S_BAD_MIC;
-
- /* verify sequence number */
-
- krb5_auth_getremoteseqnumber (gssapi_krb5_context,
- context_handle->auth_context,
- &seq_number);
- seq_data[0] = (seq_number >> 0) & 0xFF;
- seq_data[1] = (seq_number >> 8) & 0xFF;
- seq_data[2] = (seq_number >> 16) & 0xFF;
- seq_data[3] = (seq_number >> 24) & 0xFF;
- memset (seq_data + 4,
- (context_handle->more_flags & LOCAL) ? 0xFF : 0,
- 4);
-
- p -= 16;
- des_set_key (&key, schedule);
- des_cbc_encrypt ((des_cblock *)p, (des_cblock *)p, 8,
- schedule, (des_cblock *)hash, DES_DECRYPT);
-
- memset (key, 0, sizeof(key));
- memset (schedule, 0, sizeof(schedule));
-
- if (memcmp (p, seq_data, 8) != 0) {
- return GSS_S_BAD_MIC;
- }
-
- krb5_auth_setremoteseqnumber (gssapi_krb5_context,
- context_handle->auth_context,
- ++seq_number);
-
- /* copy out data */
-
- output_message_buffer->length = input_message_buffer->length
- - len - 8 - padlength;
- output_message_buffer->value = malloc(output_message_buffer->length);
- if(output_message_buffer->length != 0 && output_message_buffer->value == NULL)
- return GSS_S_FAILURE;
- memcpy (output_message_buffer->value,
- p + 24,
- output_message_buffer->length);
- return GSS_S_COMPLETE;
-}
diff --git a/lib/gssapi/krb5/v1.c b/lib/gssapi/krb5/v1.c
deleted file mode 100644
index 781a87881e..0000000000
--- a/lib/gssapi/krb5/v1.c
+++ /dev/null
@@ -1,104 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id$");
-
-/* These functions are for V1 compatibility */
-
-OM_uint32 gss_sign
- (OM_uint32 * minor_status,
- gss_ctx_id_t context_handle,
- int qop_req,
- gss_buffer_t message_buffer,
- gss_buffer_t message_token
- )
-{
- return gss_get_mic(minor_status,
- context_handle,
- (gss_qop_t)qop_req,
- message_buffer,
- message_token);
-}
-
-OM_uint32 gss_verify
- (OM_uint32 * minor_status,
- gss_ctx_id_t context_handle,
- gss_buffer_t message_buffer,
- gss_buffer_t token_buffer,
- int * qop_state
- )
-{
- return gss_verify_mic(minor_status,
- context_handle,
- message_buffer,
- token_buffer,
- (gss_qop_t *)qop_state);
-}
-
-OM_uint32 gss_seal
- (OM_uint32 * minor_status,
- gss_ctx_id_t context_handle,
- int conf_req_flag,
- int qop_req,
- gss_buffer_t input_message_buffer,
- int * conf_state,
- gss_buffer_t output_message_buffer
- )
-{
- return gss_wrap(minor_status,
- context_handle,
- conf_req_flag,
- (gss_qop_t)qop_req,
- input_message_buffer,
- conf_state,
- output_message_buffer);
-}
-
-OM_uint32 gss_unseal
- (OM_uint32 * minor_status,
- gss_ctx_id_t context_handle,
- gss_buffer_t input_message_buffer,
- gss_buffer_t output_message_buffer,
- int * conf_state,
- int * qop_state
- )
-{
- return gss_unwrap(minor_status,
- context_handle,
- input_message_buffer,
- output_message_buffer,
- conf_state,
- (gss_qop_t *)qop_state);
-}
diff --git a/lib/gssapi/krb5/verify_mic.c b/lib/gssapi/krb5/verify_mic.c
deleted file mode 100644
index ef1c6c4f8b..0000000000
--- a/lib/gssapi/krb5/verify_mic.c
+++ /dev/null
@@ -1,124 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id$");
-
-OM_uint32 gss_verify_mic
- (OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
- const gss_buffer_t message_buffer,
- const gss_buffer_t token_buffer,
- gss_qop_t * qop_state
- )
-{
- u_char *p;
- struct md5 md5;
- u_char hash[16], seq_data[8];
- des_key_schedule schedule;
- des_cblock key;
- des_cblock zero;
- int32_t seq_number;
- OM_uint32 ret;
-
- p = token_buffer->value;
- ret = gssapi_krb5_verify_header (&p,
- token_buffer->length,
- "\x01\x01");
- if (ret)
- return ret;
-
- if (memcmp(p, "\x00\x00", 2) != 0)
- return GSS_S_BAD_SIG;
- p += 2;
- if (memcmp (p, "\xff\xff\xff\xff", 4) != 0)
- return GSS_S_BAD_MIC;
- p += 4;
- p += 16;
-
- /* verify checksum */
- md5_init (&md5);
- md5_update (&md5, p - 24, 8);
- md5_update (&md5, message_buffer->value,
- message_buffer->length);
- md5_finito (&md5, hash);
-
- memset (&zero, 0, sizeof(zero));
-#if 0
- memcpy (&key, context_handle->auth_context->key.keyvalue.data,
- sizeof(key));
-#endif
- memcpy (&key, context_handle->auth_context->remote_subkey->keyvalue.data,
- sizeof(key));
-
- des_set_key (&key, schedule);
- des_cbc_cksum ((des_cblock *)hash,
- (des_cblock *)hash, sizeof(hash), schedule, &zero);
- if (memcmp (p - 8, hash, 8) != 0) {
- memset (key, 0, sizeof(key));
- memset (schedule, 0, sizeof(schedule));
- return GSS_S_BAD_MIC;
- }
-
- /* verify sequence number */
-
- krb5_auth_getremoteseqnumber (gssapi_krb5_context,
- context_handle->auth_context,
- &seq_number);
- seq_data[0] = (seq_number >> 0) & 0xFF;
- seq_data[1] = (seq_number >> 8) & 0xFF;
- seq_data[2] = (seq_number >> 16) & 0xFF;
- seq_data[3] = (seq_number >> 24) & 0xFF;
- memset (seq_data + 4,
- (context_handle->more_flags & LOCAL) ? 0xFF : 0,
- 4);
-
- p -= 16;
- des_set_key (&key, schedule);
- des_cbc_encrypt ((des_cblock *)p, (des_cblock *)p, 8,
- schedule, (des_cblock *)hash, DES_DECRYPT);
-
- memset (key, 0, sizeof(key));
- memset (schedule, 0, sizeof(schedule));
-
- if (memcmp (p, seq_data, 8) != 0) {
- return GSS_S_BAD_MIC;
- }
-
- krb5_auth_setremoteseqnumber (gssapi_krb5_context,
- context_handle->auth_context,
- ++seq_number);
-
- return GSS_S_COMPLETE;
-}
diff --git a/lib/gssapi/krb5/wrap.c b/lib/gssapi/krb5/wrap.c
deleted file mode 100644
index 8a74032626..0000000000
--- a/lib/gssapi/krb5/wrap.c
+++ /dev/null
@@ -1,169 +0,0 @@
-/*
- * Copyright (c) 1997, 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id$");
-
-OM_uint32 gss_wrap_size_limit (
- OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
- int conf_req_flag,
- gss_qop_t qop_req,
- OM_uint32 req_output_size,
- OM_uint32 * max_input_size
- )
-{
- size_t len, total_len, padlength;
- padlength = 8 - (req_output_size % 8);
- len = req_output_size + 8 + padlength + 22;
- gssapi_krb5_encap_length(len, &len, &total_len);
- *max_input_size = (OM_uint32)total_len;
- return GSS_S_COMPLETE;
-}
-
-OM_uint32 gss_wrap
- (OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
- int conf_req_flag,
- gss_qop_t qop_req,
- const gss_buffer_t input_message_buffer,
- int * conf_state,
- gss_buffer_t output_message_buffer
- )
-{
- u_char *p;
- struct md5 md5;
- u_char hash[16];
- des_key_schedule schedule;
- des_cblock key;
- des_cblock zero;
- int i;
- int32_t seq_number;
- size_t len, total_len, padlength;
-
- padlength = 8 - (input_message_buffer->length % 8);
- len = input_message_buffer->length + 8 + padlength + 22;
- gssapi_krb5_encap_length (len, &len, &total_len);
-
- output_message_buffer->length = total_len;
- output_message_buffer->value = malloc (total_len);
- if (output_message_buffer->value == NULL)
- return GSS_S_FAILURE;
-
- p = gssapi_krb5_make_header(output_message_buffer->value,
- len,
- "\x02\x01");
-
-
- /* SGN_ALG */
- memcpy (p, "\x00\x00", 2);
- p += 2;
- /* SEAL_ALG */
- if(conf_req_flag)
- memcpy (p, "\x00\x00", 2);
- else
- memcpy (p, "\xff\xff", 2);
- p += 2;
- /* Filler */
- memcpy (p, "\xff\xff", 2);
- p += 2;
-
- /* fill in later */
- memset (p, 0, 16);
- p += 16;
-
- /* confounder + data + pad */
- des_new_random_key((des_cblock*)p);
- memcpy (p + 8, input_message_buffer->value,
- input_message_buffer->length);
- memset (p + 8 + input_message_buffer->length, padlength, padlength);
-
- /* checksum */
- md5_init (&md5);
- md5_update (&md5, p - 24, 8);
- md5_update (&md5, p, input_message_buffer->length + padlength + 8);
- md5_finito (&md5, hash);
-
- memset (&zero, 0, sizeof(zero));
- gss_krb5_getsomekey(context_handle, &key);
- des_set_key (&key, schedule);
- des_cbc_cksum ((des_cblock *)hash,
- (des_cblock *)hash, sizeof(hash), schedule, &zero);
- memcpy (p - 8, hash, 8);
-
- /* sequence number */
- krb5_auth_getlocalseqnumber (gssapi_krb5_context,
- context_handle->auth_context,
- &seq_number);
-
- p -= 16;
- p[0] = (seq_number >> 0) & 0xFF;
- p[1] = (seq_number >> 8) & 0xFF;
- p[2] = (seq_number >> 16) & 0xFF;
- p[3] = (seq_number >> 24) & 0xFF;
- memset (p + 4,
- (context_handle->more_flags & LOCAL) ? 0 : 0xFF,
- 4);
-
- des_set_key (&key, schedule);
- des_cbc_encrypt ((des_cblock *)p, (des_cblock *)p, 8,
- schedule, (des_cblock *)(p + 8), DES_ENCRYPT);
-
- krb5_auth_setlocalseqnumber (gssapi_krb5_context,
- context_handle->auth_context,
- ++seq_number);
-
- /* encrypt the data */
- p += 16;
-
- if(conf_req_flag) {
- gss_krb5_getsomekey(context_handle, &key);
- for (i = 0; i < sizeof(key); ++i)
- key[i] ^= 0xf0;
- des_set_key (&key, schedule);
- memset (&zero, 0, sizeof(zero));
- des_cbc_encrypt ((des_cblock *)p,
- (des_cblock *)p,
- 8 + input_message_buffer->length + padlength,
- schedule,
- &zero,
- DES_ENCRYPT);
-
- memset (key, 0, sizeof(key));
- memset (schedule, 0, sizeof(schedule));
- }
- if(conf_state != NULL)
- *conf_state = conf_req_flag;
- return GSS_S_COMPLETE;
-}
diff --git a/lib/kafs/kafs.3 b/lib/kafs/kafs.3
deleted file mode 100644
index 554d7bd443..0000000000
--- a/lib/kafs/kafs.3
+++ /dev/null
@@ -1,158 +0,0 @@
-.\" $Id$
-.\"
-.Dd May 7, 1997
-.Os KTH-KRB
-.Dt KAFS 3
-.Sh NAME
-.Nm k_hasafs ,
-.Nm k_pioctl ,
-.Nm k_unlog ,
-.Nm k_setpag ,
-.Nm k_afs_cell_of_file ,
-.Nm krb_afslog ,
-.Nm krb_afslog_uid
-\" .Nm krb5_afslog ,
-\" .Nm krb5_afslog_uid
-.Nd AFS library
-.Sh SYNOPSIS
-.Fd #include <kafs.h>
-.Ft int
-.Fn k_afs_cell_of_file "const char *path" "char *cell" "int len"
-.Ft int
-.Fn k_hasafs
-.Ft int
-.Fn k_pioctl "char *a_path" "int o_opcode" "struct ViceIoctl *a_paramsP" "int a_followSymlinks"
-.Ft int
-.Fn k_setpag
-.Ft int
-.Fn k_unlog
-.Ft int
-.Fn krb_afslog "char *cell" "char *realm"
-.Ft int
-.Fn krb_afslog_uid "char *cell" "char *realm" "uid_t uid"
-\" .Ft krb5_error_code
-\" .Fn krb5_afslog_uid "krb5_context context" "krb5_ccache id" "const char *cell" "krb5_const_realm realm" "uid_t uid"
-\" .Ft krb5_error_code
-\" .Fn krb5_afslog "krb5_context context" "krb5_ccache id" "const char *cell" "krb5_const_realm realm"
-.Sh DESCRIPTION
-.Fn k_hasafs
-initializes some library internal structures, and tests for the
-presense of AFS in the kernel, none of the other functions should be
-called before
-.Fn k_hasafs
-is called, or if it fails.
-
-.Fn krb_afslog ,
-and
-.Fn krb_afslog_uid
-obtains new tokens (and possibly tickets) for the specified
-.Fa cell
-and
-.Fa realm .
-If
-.Fa cell
-is
-.Dv NULL ,
-the local cell is used. If
-.Fa realm
-is
-.Dv NULL ,
-the function tries to guess what realm to use. Unless you have some good knowledge of what cell or realm to use, you should pass
-.Dv NULL .
-.Fn krb_afslog
-will use the real user-id for the
-.Dv ViceId
-field in the token,
-.Fn krb_afslog_uid
-will use
-.Fa uid .
-
-\" .Fn krb5_afslog ,
-\" and
-\" .Fn krb5_afslog_uid
-\" are the Kerberos 5 equivalents of
-\" .Fn krb_afslog ,
-\" and
-\" .Fn krb_afslog_uid .
-\" The extra arguments are the ubiquitous context, and the cache id where
-\" to store any obtained tickets. Since AFS servers normally can't handle
-\" Kerberos 5 tickets directly, these functions will first obtain version
-\" 5 tickets for the requested cells, and then convert them to version 4
-\" tickets, that can be stashed in the kernel. To convert tickets the
-\" .Fn krb524_convert_creds_kdc
-\" function will be used.
-
-.Fn k_afs_cell_of_file
-will in
-.Fa cell
-return the cell of a specified file, no more than
-.Fa len
-characters is put in
-.Fa cell .
-
-.Fn k_pioctl
-does a
-.Fn pioctl
-syscall with the specified arguments. This function is equivalent to
-.Fn lpioctl .
-
-.Fn k_setpag
-initializes a new PAG.
-
-.Fn k_unlog
-removes destroys all tokens in the current PAG.
-
-.Sh ENVIRONMENT
-The following environment variable affect the mode of operation of
-.Nm kafs :
-.Bl -tag
-.It Ev AFS_SYSCALL
-Normally,
-.Nm kafs
-will try to figure out the correct system call(s) that are used by AFS
-by itself. If it does not manage to do that, or does it incorrectly,
-you can set this variable to the system call number or list of system
-call numbers that should be used.
-.El
-.Sh RETURN VALUES
-.Fn k_hasafs
-returns 1 if AFS is present in the kernel, 0 otherwise.
-.Fn krb_afslog
-and
-.Fn krb_afslog_uid
-returns 0 on success, or a kerberos error number on failure.
-.Fn k_afs_cell_of_file ,
-.Fn k_pioctl ,
-.Fn k_setpag ,
-and
-.Fn k_unlog
-all return the value of the underlaying system call, 0 on success.
-.Sh EXAMPLES
-The following code from
-.Nm login
-will obtain a new PAG and tokens for the local cell and the cell of
-the users home directory.
-.Bd -literal
-if (k_hasafs()) {
- char cell[64];
- k_setpag();
- if(k_afs_cell_of_file(pwd->pw_dir, cell, sizeof(cell)) == 0)
- krb_afslog(cell, NULL);
- krb_afslog(NULL, NULL);
-}
-.Ed
-.Sh ERRORS
-If any of these functions (appart from
-.Fn k_hasafs )
-is called without AFS beeing present in the kernel, the process will
-usually (depending on the operating system) receive a SIGSYS signal.
-.Sh SEE ALSO
-.Rs
-.%A Transarc Corporation
-.%J AFS-3 Programmer's Reference
-.%T File Server/Cache Manager Interface
-.%D 1991
-.Re
-.Sh BUGS
-.Ev AFS_SYSCALL
-has no effect under AIX.
diff --git a/lib/roken/err.hin b/lib/roken/err.hin
deleted file mode 100644
index e4dc06deee..0000000000
--- a/lib/roken/err.hin
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id$ */
-
-#ifndef __ERR_H__
-#define __ERR_H__
-
-#include <errno.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <stdarg.h>
-
-extern const char *__progname;
-
-#if !defined(__GNUC__) && !defined(__attribute__)
-#define __attribute__(x)
-#endif
-
-void warnerr(int doerrno, const char *fmt, va_list ap)
- __attribute__ ((format (printf, 2, 0)));
-
-void verr(int eval, const char *fmt, va_list ap)
- __attribute__ ((noreturn, format (printf, 2, 0)));
-void err(int eval, const char *fmt, ...)
- __attribute__ ((noreturn, format (printf, 2, 3)));
-void verrx(int eval, const char *fmt, va_list ap)
- __attribute__ ((noreturn, format (printf, 2, 0)));
-void errx(int eval, const char *fmt, ...)
- __attribute__ ((noreturn, format (printf, 2, 3)));
-void vwarn(const char *fmt, va_list ap)
- __attribute__ ((format (printf, 1, 0)));
-void warn(const char *fmt, ...)
- __attribute__ ((format (printf, 1, 2)));
-void vwarnx(const char *fmt, va_list ap)
- __attribute__ ((format (printf, 1, 0)));
-void warnx(const char *fmt, ...)
- __attribute__ ((format (printf, 1, 2)));
-
-#endif /* __ERR_H__ */
diff --git a/lib/roken/fnmatch.hin b/lib/roken/fnmatch.hin
deleted file mode 100644
index 95c91d600b..0000000000
--- a/lib/roken/fnmatch.hin
+++ /dev/null
@@ -1,49 +0,0 @@
-/* $NetBSD: fnmatch.h,v 1.5 1994/10/26 00:55:53 cgd Exp $ */
-
-/*-
- * Copyright (c) 1992, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * @(#)fnmatch.h 8.1 (Berkeley) 6/2/93
- */
-
-#ifndef _FNMATCH_H_
-#define _FNMATCH_H_
-
-#define FNM_NOMATCH 1 /* Match failed. */
-
-#define FNM_NOESCAPE 0x01 /* Disable backslash escaping. */
-#define FNM_PATHNAME 0x02 /* Slash must be matched by slash. */
-#define FNM_PERIOD 0x04 /* Period must be matched by period. */
-
-int fnmatch (const char *, const char *, int);
-
-#endif /* !_FNMATCH_H_ */
diff --git a/lib/roken/glob.hin b/lib/roken/glob.hin
deleted file mode 100644
index bece48a89c..0000000000
--- a/lib/roken/glob.hin
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * This code is derived from software contributed to Berkeley by
- * Guido van Rossum.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * @(#)glob.h 8.1 (Berkeley) 6/2/93
- */
-
-#ifndef _GLOB_H_
-#define _GLOB_H_
-
-struct stat;
-typedef struct {
- int gl_pathc; /* Count of total paths so far. */
- int gl_matchc; /* Count of paths matching pattern. */
- int gl_offs; /* Reserved at beginning of gl_pathv. */
- int gl_flags; /* Copy of flags parameter to glob. */
- char **gl_pathv; /* List of paths matching pattern. */
- /* Copy of errfunc parameter to glob. */
- int (*gl_errfunc) (const char *, int);
-
- /*
- * Alternate filesystem access methods for glob; replacement
- * versions of closedir(3), readdir(3), opendir(3), stat(2)
- * and lstat(2).
- */
- void (*gl_closedir) (void *);
- struct dirent *(*gl_readdir) (void *);
- void *(*gl_opendir) (const char *);
- int (*gl_lstat) (const char *, struct stat *);
- int (*gl_stat) (const char *, struct stat *);
-} glob_t;
-
-#define GLOB_APPEND 0x0001 /* Append to output from previous call. */
-#define GLOB_DOOFFS 0x0002 /* Use gl_offs. */
-#define GLOB_ERR 0x0004 /* Return on error. */
-#define GLOB_MARK 0x0008 /* Append / to matching directories. */
-#define GLOB_NOCHECK 0x0010 /* Return pattern itself if nothing matches. */
-#define GLOB_NOSORT 0x0020 /* Don't sort. */
-
-#define GLOB_ALTDIRFUNC 0x0040 /* Use alternately specified directory funcs. */
-#define GLOB_BRACE 0x0080 /* Expand braces ala csh. */
-#define GLOB_MAGCHAR 0x0100 /* Pattern had globbing characters. */
-#define GLOB_NOMAGIC 0x0200 /* GLOB_NOCHECK without magic chars (csh). */
-#define GLOB_QUOTE 0x0400 /* Quote special chars with \. */
-#define GLOB_TILDE 0x0800 /* Expand tilde names from the passwd file. */
-
-#define GLOB_NOSPACE (-1) /* Malloc call failed. */
-#define GLOB_ABEND (-2) /* Unignored error. */
-
-int glob (const char *, int, int (*)(const char *, int), glob_t *);
-void globfree (glob_t *);
-
-#endif /* !_GLOB_H_ */
--
GitLab