Importing crypto libraries

- crypto/external/bsd/heimdal
 - crypto/external/bsd/libsaslc
 - crypto/external/bsd/netpgp
 - crypto/external/bsd/openssl

Change-Id: I91dbf05f33e637edf5b9bb408d5baddd7ba8cf75

crypto/Makefile.openssl

@@ -0,0 +1,18 @@
+#	$NetBSD: Makefile.openssl,v 1.10 2009/09/23 04:02:28 tls Exp $
+
+.ifndef _MAKEFILE_OPENSSL_INCLUDED
+_MAKEFILE_OPENSSL_INCLUDED=1
+
+.include <bsd.own.mk>
+
+OPENSSLSRC=	${CRYPTODIST}/external/bsd/openssl/dist
+CPPFLAGS+=	-DOPENSSLDIR=\"/etc/openssl\"
+CPPFLAGS+=	-DENGINESDIR=\"/usr/lib/openssl\"
+CPPFLAGS+=	-DDSO_DLFCN -DHAVE_DLFCN_H
+
+.if defined(__MINIX)
+CPPFLAGS+=	-DOPENSSL_NO_SCTP
+CPPFLAGS+=	-DOPENSSL_DISABLE_OLD_DES_SUPPORT
+.endif # defined(__MINIX)
+
+.endif

crypto/TODO

@@ -0,0 +1,11 @@
+$NetBSD: TODO,v 1.8 2006/03/23 19:58:03 wiz Exp $
+
+- Make the Heimdal Kerberos V API much more like the MIT API.  The
+  current situation means that basically no krb5-aware programs can
+  work with Heimdal without significant modification.  This includes
+  making compatibility links for e.g. libk5crypto -> libcrypto, etc.
+
+  Currently known-broken Kerberos-aware packages:
+  - ssh and ssh6
+
+- Make rcp, rlogin, ftpd, and ftp work with Kerberos again.

crypto/external/Makefile

@@ -0,0 +1,10 @@
+#	$NetBSD: Makefile,v 1.3 2013/02/12 20:55:37 christos Exp $
+
+.include <bsd.own.mk>
+
+.if (${MKCRYPTO} != "no")
+#MINIX: Not yet imported: cpl
+SUBDIR+= bsd
+.endif
+
+.include <bsd.subdir.mk>

crypto/external/README

@@ -0,0 +1,78 @@
+$NetBSD: README,v 1.3 2012/01/28 01:30:42 christos Exp $
+
+Organization of Sources:
+
+This directory hierarchy is using an organization that separates
+crypto source for programs that we have obtained from external third
+parties (where NetBSD is not the primary maintainer) from the system
+source.
+
+This README file is derived from the README file in src/external.
+
+The hierarchy is grouped by license, and then package per license,
+and is organized as follows:
+
+	crypto/external/
+
+	    Makefile
+			Descend into the license sub-directories.
+
+	    <license>/
+			Per-license sub-directories.
+
+		Makefile
+			Descend into the package sub-directories.
+
+		<package>/
+			Per-package sub-directories.
+
+		    Makefile
+			Build the package.
+			
+		    dist/
+			The third-party source for a given package.
+
+		    bin/
+		    lib/
+		    sbin/
+			BSD makefiles "reach over" from these into
+			"../dist/".
+
+This arrangement allows for packages to be easily disabled or
+excised as necessary, either on a per-license or per-package basis.
+
+The licenses currently used are:
+
+	bsd		BSD (or equivalent) licensed software, possibly with
+			the "advertising clause".
+	cpl		Common Public License
+			http://www.opensource.org/licenses/cpl1.0
+
+If a package has components covered by different licenses
+(for example, GPL2 and the LGPL), use the <license> subdirectory
+for the more restrictive license.
+
+If a package allows the choice of a license to use, we'll
+generally use the less restrictive license.
+
+If in doubt about where a package should be located, please
+contact <core@NetBSD.org> for advice.
+
+
+Migration Strategy:
+
+
+Eventually src/dist (and associated framework in other base source
+directories) and src/gnu will be migrated to this hierarchy.
+
+
+Maintenance Strategy:
+
+The sources under src/crypto/external/<license>/<package>/dist/ are
+generally a combination of a published distribution plus changes
+that we submit to the maintainers and that are not yet published
+by them.
+
+Make sure all changes made to the external sources are submitted
+to the appropriate maintainer, but only after coordinating with
+the NetBSD maintainers.

crypto/external/bsd/Makefile

@@ -0,0 +1,11 @@
+#	$NetBSD: Makefile,v 1.12 2013/02/12 20:31:14 christos Exp $
+
+.include <bsd.own.mk>
+
+.if defined(__MINIX)
+SUBDIR+= openssl .WAIT heimdal netpgp .WAIT libsaslc
+.else
+SUBDIR+= openssl .WAIT heimdal netpgp .WAIT openssh libsaslc
+.endif # defined(__MINIX)
+
+.include <bsd.subdir.mk>

crypto/external/bsd/heimdal/Makefile

@@ -0,0 +1,5 @@
+#	$NetBSD: Makefile,v 1.1 2011/04/13 19:16:44 elric Exp $
+
+SUBDIR=		lib .WAIT bin libexec sbin
+
+.include <bsd.subdir.mk>

crypto/external/bsd/heimdal/Makefile.inc

@@ -0,0 +1,47 @@
+# $NetBSD: Makefile.inc,v 1.2 2011/04/16 18:41:58 he Exp $
+
+HEIMBASE?=	${NETBSDSRCDIR}/crypto/external/bsd/heimdal
+HEIMDIST=	${HEIMBASE}/dist
+
+SSLBASE?=	${NETBSDSRCDIR}/crypto/external/bsd/openssl
+
+LIBVERSDIR!=	cd ${HEIMBASE}/lib/libvers && ${PRINTOBJDIR}
+LIBVERS=	${LIBVERSDIR}/libvers.a
+
+LIBIPCDIR!=	cd ${HEIMBASE}/lib/libipc && ${PRINTOBJDIR}
+LIBIPC=		${LIBIPCDIR}/libipc.a
+.if ${MKPICLIB} != "yes"
+LIBIPC_PIC=	${LIBIPCDIR}/libipc.a
+.else
+LIBIPC_PIC=	${LIBIPCDIR}/libipc_pic.a
+.endif
+
+.if ${USETOOLS} != "yes"
+COMPILEETOBJ!=     cd ${HEIMBASE}/lib/libcom_err/compile_et && ${PRINTOBJDIR}
+TOOL_COMPILE_ET=   ${COMPILEETOBJ}/compile_et
+
+ASN1COMPILEOBJ!=   cd ${HEIMBASE}/lib/libasn1/asn1_compile && ${PRINTOBJDIR}
+TOOL_ASN1_COMPILE= ${ASN1COMPILEOBJ}/asn1_compile
+
+SLCOBJ!=	cd ${HEIMBASE}/lib/libsl/slc && ${PRINTOBJDIR}
+TOOL_SLC=	${SLCOBJ}/slc
+.endif
+
+#
+# We now define what are standard CPP flags across Heimdal:
+
+.if (${USE_INET6} != "no")
+CPPFLAGS+=-DHAVE_IPV6
+HOST_CPPFLAGS+=-DHAVE_IPV6
+.endif
+
+.if ${MKPIC} == "no"
+CPPFLAGS+=	-DNO_DLOPEN
+.endif
+
+CPPFLAGS+=	-DHAVE_CONFIG_H
+HOST_CPPFLAGS+=	-DHAVE_CONFIG_H
+
+CPPFLAGS+= ${.PATH:S/^/-I/}
+CPPFLAGS+= -I${HEIMBASE}/include
+CPPFLAGS+= -I${HEIMDIST}/include

crypto/external/bsd/heimdal/Makefile.rules.inc

@@ -0,0 +1,107 @@
+# $NetBSD: Makefile.rules.inc,v 1.7 2012/09/05 19:31:04 christos Exp $
+
+SRCS+= ${HEIMSRCS:N*.et:N*.in:N*.asn1}
+
+.for et_src in ${HEIMSRCS:M*.et}
+CLEANFILES+=		${et_src:.et=.c} ${et_src:.et=.h}
+DPSRCS+=		${et_src:.et=.c} ${et_src:.et=.h}
+COMPILE_ET_INCS+=	${et_src:.et=.h}
+OBJS+=			${et_src:.et=.o}
+
+${et_src:.et=.c} ${et_src:.et=.h}: ${et_src} ${TOOL_COMPILE_ET}
+	${TOOL_COMPILE_ET} ${.ALLSRC:[1]}
+
+.endfor
+
+.for src in ${HEIMSRCS:M*.asn1}
+ASN1_FILES.${src}	?= asn1_${src:.asn1=_asn1.x}
+
+.if ${ASN1_FILES.${src}:[\#]} == 1
+ASN1_OPTS.${src} ?= --one-code-file
+.endif
+
+CLEANFILES+=				\
+	${src:.asn1=_asn1_files}	\
+	${src:.asn1=_asn1-template.c}	\
+	${ASN1_FILES.${src}}		\
+	${ASN1_FILES.${src}:.x=.c}	\
+	${src:.asn1=_asn1.h}		\
+	${src:.asn1=_asn1.hx}		\
+	${src:.asn1=_asn1-priv.h}	\
+	${src:.asn1=_asn1-priv.hx}	\
+	${src:.asn1=.ts}
+
+ASN1_INCS += ${src:.asn1=_asn1.h}
+
+DPSRCS +=	${src:.asn1=_asn1.h} ${src:.asn1=_asn1-priv.h}
+OBJS +=		${ASN1_FILES.${src}:.x=.o}
+
+${ASN1_FILES.${src}} ${src:.asn1=_asn1.h} ${src:.asn1=_asn1-priv.h}: \
+	 ${src:.asn1=.ts}
+
+.if exists(${src:.asn1=.opt})
+${src:.asn1=.ts}: ${src} ${src:.asn1=.opt} ${TOOL_ASN1_COMPILE}
+	@touch $@
+	${TOOL_ASN1_COMPILE}			\
+		${ASN1_OPTS.${src}}		\
+		--option-file=${.ALLSRC:[2]}	\
+		${.ALLSRC:[1]} ${src:.asn1=_asn1}
+	@${TOOL_SED} -E 						\
+	    -e 's,#include <(.*)_asn1\.h>,#include <krb5/\1_asn1.h>,'	\
+	    2> /dev/null < ${src:.asn1=_asn1.hx} > ${src:.asn1=_asn1.h}
+	@cmp -s ${src:.asn1=_asn1-priv.hx} ${src:.asn1=_asn1-priv.h}	\
+	    2> /dev/null ||						\
+	    cp ${src:.asn1=_asn1-priv.hx} ${src:.asn1=_asn1-priv.h}
+.else
+${src:.asn1=.ts}: ${src} ${TOOL_ASN1_COMPILE}
+	@touch $@
+	${TOOL_ASN1_COMPILE}			\
+		${ASN1_OPTS.${src}}		\
+		${.ALLSRC:[1]} ${src:.asn1=_asn1}
+	@${TOOL_SED} -E 						\
+	    -e 's,#include <(.*)_asn1\.h>,#include <krb5/\1_asn1.h>,'	\
+	    2> /dev/null < ${src:.asn1=_asn1.hx} > ${src:.asn1=_asn1.h}
+	@cmp -s ${src:.asn1=_asn1-priv.hx} ${src:.asn1=_asn1-priv.h}	\
+	    2> /dev/null ||						\
+	    cp ${src:.asn1=_asn1-priv.hx} ${src:.asn1=_asn1-priv.h}
+.endif
+
+.if ${MKREPRO:Uno} == "yes"
+NORMALIZE_SRC=-e "s@${NETBSDSRCDIR}@/usr/src@g" 
+.endif
+
+.for x2c in ${ASN1_FILES.${src}}
+${x2c:.x=.c}: ${x2c}
+	@${TOOL_SED} ${NORMALIZE_SRC} < ${x2c} > ${x2c}.r
+	@cmp -s ${x2c}.r ${x2c:.x=.c} 2> /dev/null || cp ${x2c}.r ${x2c:.x=.c}
+	@rm -f ${x2c}.r
+.endfor
+
+.endfor
+
+#
+# and for slc:
+
+.for slc_src in ${HEIMSRCS:M*.in}
+CLEANFILES+=	${slc_src:.in=.c} ${slc_src:.in=.h}
+DPSRCS+=	${slc_src:.in=.c} ${slc_src:.in=.h}
+OBJS+=		${slc_src:.in=.o}
+SLC_INCS+=	${slc_src:.in=.h}
+
+${slc_src:.in=.c} ${slc_src:.in=.h}: ${slc_src}
+	${TOOL_SLC} ${.ALLSRC}
+
+.endfor
+
+#
+# And a tiny bit of logic for bsd.prog.mk:
+
+.if defined(PROG) && defined(OBJS)
+OBJS.${PROG} += ${OBJS}
+.endif
+
+.if defined(LIB) && exists(version-script.map) && !defined(NO_VERSION_SCRIPT)
+version-script.map:
+
+LDFLAGS.lib${LIB} += -Wl,--version-script=${version-script.map:P}
+.endif

crypto/external/bsd/heimdal/bin/Makefile

@@ -0,0 +1,22 @@
+# $NetBSD: Makefile,v 1.1 2011/04/13 19:16:44 elric Exp $
+
+.include <bsd.own.mk>
+
+HEIMBASE=${.CURDIR}/..
+
+.if (${MKKERBEROS} != "no")
+SUBDIR =		\
+	gsstool		\
+	hxtool		\
+	kcc		\
+	kdestroy	\
+	kgetcred	\
+	kinit		\
+	kpasswd		\
+	krb5-config	\
+	string2key	\
+	verify_krb5_conf
+
+.endif	# MKKERBEROS != no
+
+.include <bsd.subdir.mk>

crypto/external/bsd/heimdal/bin/Makefile.inc

@@ -0,0 +1,11 @@
+# $NetBSD: Makefile.inc,v 1.2 2011/05/25 19:21:16 he Exp $
+
+BINDIR=/usr/bin
+
+LDADD+= -lkrb5 -lhx509 -lasn1 -lroken -lcom_err -lwind
+LDADD+= -lheimbase ${LIBVERS}
+LDADD+= -lcrypto -lcrypt
+
+DPADD+= ${LIBKRB5} ${LIBHX509} ${LIBASN1} ${LIBROKEN} ${LIBCOM_ERR} ${LIBWIND}
+DPADD+= ${LIBHEIMBASE} ${LIBVERS}
+DPADD+= ${LIBCRYPTO} ${LIBCRYPT}

crypto/external/bsd/heimdal/bin/gsstool/Makefile

@@ -0,0 +1,24 @@
+# $NetBSD: Makefile,v 1.2 2011/05/25 19:21:16 he Exp $
+
+.include <bsd.own.mk>
+.include <${.CURDIR}/../../Makefile.inc>
+
+USE_FORT?= yes	# cryptographic software
+
+.PATH: ${HEIMDIST}/lib/gssapi
+
+PROG= gsstool
+
+HEIMSRCS=	gsstool.c gss-commands.in
+
+MAN=
+
+LDADD+= -lgssapi -lheimntlm
+LDADD+= -lsl ${LIBVERS} 
+LDADD+= -ledit -lterminfo
+DPADD+= ${LIBGSSAPI} ${LIBHEIMNTLM}
+DPADD+= ${LIBSL}
+DPADD+= ${LIBEDIT} ${LIBTERMINFO}
+
+.include <${HEIMBASE}/Makefile.rules.inc>
+.include <bsd.prog.mk>

crypto/external/bsd/heimdal/bin/hxtool/Makefile

@@ -0,0 +1,24 @@
+# $NetBSD: Makefile,v 1.2 2011/05/25 19:21:16 he Exp $
+
+.include <bsd.own.mk>
+.include <${.CURDIR}/../../Makefile.inc>
+
+USE_FORT?= yes	# cryptographic software
+
+.PATH: ${HEIMDIST}/lib/hx509
+
+PROG= hxtool
+
+HEIMSRCS= hxtool.c hxtool-commands.in
+
+MAN=
+
+LDADD+= -lgssapi
+LDADD+= -lsl
+LDADD+= -ledit -lterminfo
+DPADD+= ${LIBGSSAPI}
+DPADD+= ${LIBSL}
+DPADD+= ${LIBEDIT} ${LIBTERMINFO}
+
+.include <${HEIMBASE}/Makefile.rules.inc>
+.include <bsd.prog.mk>

crypto/external/bsd/heimdal/bin/kcc/Makefile

@@ -0,0 +1,30 @@
+# $NetBSD: Makefile,v 1.2 2011/05/25 19:21:16 he Exp $
+
+.include <bsd.own.mk>
+.include <${.CURDIR}/../../Makefile.inc>
+
+USE_FORT?= yes	# cryptographic software
+
+.PATH: ${HEIMDIST}/kuser
+
+PROG= kcc
+LINKS+= ${BINDIR}/kcc ${BINDIR}/klist
+
+MAN= klist.1
+
+HEIMSRCS= kcc-commands.in
+
+SRCS=	copy_cred_cache.c	\
+	kcc.c			\
+	klist.c			\
+	kswitch.c
+
+CPPFLAGS+= -I${DESTDIR}/usr/include/krb5
+
+LDADD+= -lkafs -lsl
+LDADD+= -ledit -lterminfo
+DPADD+= ${LIBKAFS} ${LIBSL}
+DPADD+= ${LIBEDIT} ${LIBTERMINFO}
+
+.include <${HEIMBASE}/Makefile.rules.inc>
+.include <bsd.prog.mk>

crypto/external/bsd/heimdal/bin/kdestroy/Makefile

@@ -0,0 +1,17 @@
+# $NetBSD: Makefile,v 1.2 2011/05/25 19:21:16 he Exp $
+
+.include <bsd.own.mk>
+.include <${.CURDIR}/../../Makefile.inc>
+
+USE_FORT?= yes	# cryptographic software
+
+.PATH: ${HEIMDIST}/kuser
+
+PROG= kdestroy
+SRCS= kdestroy.c
+
+LDADD+= -lkafs -lsl -lheimntlm
+DPADD+= ${LIBKAFS} ${LIBSL} ${LIBHEIMNTLM}
+
+.include <${HEIMBASE}/Makefile.rules.inc>
+.include <bsd.prog.mk>

crypto/external/bsd/heimdal/bin/kgetcred/Makefile

@@ -0,0 +1,17 @@
+# $NetBSD: Makefile,v 1.2 2011/05/25 19:21:16 he Exp $
+
+.include <bsd.own.mk>
+.include <${.CURDIR}/../../Makefile.inc>
+
+USE_FORT?= yes	# cryptographic software
+
+.PATH: ${HEIMDIST}/kuser
+
+PROG= kgetcred
+SRCS= kgetcred.c
+
+LDADD+= -lkafs -lsl -lheimntlm
+DPADD+= ${LIBKAFS} ${LIBSL} ${LIBHEIMNTLM}
+
+.include <${HEIMBASE}/Makefile.rules.inc>
+.include <bsd.prog.mk>

crypto/external/bsd/heimdal/bin/kinit/Makefile

@@ -0,0 +1,19 @@
+# $NetBSD: Makefile,v 1.2 2011/05/25 19:21:17 he Exp $
+
+.include <bsd.own.mk>
+.include <${.CURDIR}/../../Makefile.inc>
+
+USE_FORT?= yes	# cryptographic software
+
+.PATH: ${HEIMDIST}/kuser
+
+PROG= kinit
+SRCS= kinit.c
+
+CPPFLAGS+= -I${HEIMDIST}/lib/ntlm
+
+LDADD+= -lkafs -lsl -lheimntlm
+DPADD+= ${LIBKAFS} ${LIBSL} ${LIBHEIMNTLM}
+
+.include <${HEIMBASE}/Makefile.rules.inc>
+.include <bsd.prog.mk>

crypto/external/bsd/heimdal/bin/kpasswd/Makefile

@@ -0,0 +1,17 @@
+# $NetBSD: Makefile,v 1.2 2011/05/25 19:21:17 he Exp $
+
+.include <bsd.own.mk>
+.include <${.CURDIR}/../../Makefile.inc>
+
+USE_FORT?= yes	# cryptographic software
+
+.PATH: ${HEIMDIST}/kpasswd
+
+PROG= kpasswd
+SRCS= kpasswd.c
+
+LDADD+= -lkafs -lsl -lheimntlm
+DPADD+= ${LIBKAFS} ${LIBSL} ${LIBHEIMNTLM}
+
+.include <${HEIMBASE}/Makefile.rules.inc>
+.include <bsd.prog.mk>

crypto/external/bsd/heimdal/bin/krb5-config/Makefile

@@ -0,0 +1,32 @@
+#	$NetBSD: Makefile,v 1.2 2013/04/12 18:08:10 joerg Exp $
+
+.include <bsd.own.mk>
+.include <${.CURDIR}/../../Makefile.inc>
+
+.PATH:          ${HEIMDIST}/tools
+
+SCRIPTS=	krb5-config
+MAN=		krb5-config.1
+
+CLEANFILES+=	krb5-config
+
+krb5-config: krb5-config.in
+	${TOOL_SED} -e "s!@PACKAGE\@!heimdal!g" \
+	        -e "s!@VERSION\@!1.5pre1!g" \
+	        -e "s!@prefix\@!/!g" \
+	        -e "s!@exec_prefix\@!/!g" \
+	        -e "s!@libdir\@!/usr/lib!g" \
+	        -e "s!@includedir\@!/usr/include!g" \
+	        -e "s!@LIB_crypt\@!-lcrypt!g" \
+	        -e "s!@LIB_dbopen\@!!g" \
+	        -e "s!@INCLUDE_hcrypto\@!!g" \
+	        -e "s!@LIB_hcrypto_appl\@!-lcrypto!g" \
+	        -e "s!@LIB_dlopen\@!!g" \
+	        -e "s!@LIB_door_create\@!!g" \
+	        -e "s!@LIB_pkinit\@!-lhx509!g" \
+	        -e "s!@PTHREAD_LIBADD\@!!g" \
+	        -e "s!@LIBS\@!!g" \
+	        ${HEIMDIST}/tools/krb5-config.in > $@
+	chmod +x $@
+
+.include <bsd.prog.mk>

crypto/external/bsd/heimdal/bin/string2key/Makefile

@@ -0,0 +1,24 @@
+# $NetBSD: Makefile,v 1.2 2011/05/25 19:21:17 he Exp $
+
+.include <bsd.own.mk>
+.include <${.CURDIR}/../../Makefile.inc>
+
+USE_FORT?= yes	# cryptographic software
+
+.PATH: ${HEIMDIST}/kdc
+
+PROG= string2key
+SRCS= string2key.c
+MAN=  string2key.8
+
+CPPFLAGS+= 				\
+	-I${HEIMDIST}/base		\
+	-I${HEIMDIST}/lib/krb5		\
+	-I${HEIMDIST}/lib/wind		\
+	-I${HEIMDIST}/kdc		\
+	-I${HEIMBASE}/include/krb5	\
+	-I${HEIMBASE}/lib/libheimntlm	\
+	-I${HEIMBASE}/lib/libwind	\
+
+.include <${HEIMBASE}/Makefile.rules.inc>
+.include <bsd.prog.mk>

crypto/external/bsd/heimdal/bin/verify_krb5_conf/Makefile

@@ -0,0 +1,24 @@
+#	$NetBSD: Makefile,v 1.2 2011/05/25 19:21:17 he Exp $
+
+WARNS?=	2	# XXX -Wextra
+
+NOLINT= # defined
+
+.include <bsd.own.mk>
+.include <${.CURDIR}/../../Makefile.inc>
+
+.PATH: ${HEIMDIST}/lib/krb5
+
+PROG= verify_krb5_conf
+MAN= verify_krb5_conf.8
+
+SRCS= verify_krb5_conf.c
+
+#CPPFLAGS+= -I.					\
+#	-I${DIST}/heimdal/lib/asn1		\
+#	-I${NETBSDSRCDIR}/include/heimdal	\
+#	-I${DESTDIR}/usr/include/krb5		\
+#	-DHAVE_CONFIG_H
+
+.include <${HEIMBASE}/Makefile.rules.inc>
+.include <bsd.prog.mk>

crypto/external/bsd/heimdal/dist/ChangeLog

@@ -0,0 +1,485 @@
+
+We stop writing change logs, see the source code version control systems history log instead
+	
+2008-07-28  Love Hornquist Astrand  <lha@h5l.org>
+
+	* lib/krb5/v4_glue.c: The "kaserver" part of Heimdal occasionally
+	issues invalid AFS tokens
+	(here "occasionally" means for certain users in certain realms).
+	
+	In lib/krb5/v4_glue.c, in the routine storage_to_etext the ticket
+	is padded to a multiple of 8 bytes. If it is already a multiple of
+	8 bytes, 8 additional 0-bytes are added.
+	
+	This catches the AFS krb4 ticket decoder by surprise: unless the
+	ticket is exactly 56 bytes, it only supports the minimum necessary
+	padding.  It detects the superfluous padding by comparing the
+	ticket length decoded to the advertised ticket length.
+	
+	Hence a 7-letter userid in "cern.ch" which resulted in a ticket of
+	40 bytes, got "padded" to 48 bytes which the rxkad decoder
+	rejected.
+	
+	From Rainer Toebbicke.
+
+2008-07-25  Love Hörnquist Åstrand  <lha@h5l.org>
+
+	* kuser/kinit.c: add --ok-as-delegate and --windows flags
+
+	* kpasswd/kpasswd-generator.c: Switch to krb5_set_password.
+
+	* kuser/kinit.c: Use krb5_cc_set_config.
+
+	* lib/krb5/cache.c: Add krb5_cc_[gs]et_config.
+
+2008-07-22  Love Hörnquist Åstrand  <lha@h5l.org>
+
+	* lib/krb5/crypto.c: Allow numbers to be enctypes to as long as
+	they are valid.
+
+2008-07-17  Love Hörnquist Åstrand  <lha@h5l.org>
+
+	* lib/hdb/version-script.map: some random bits needed for libkadm
+
+2008-07-15  Love Hörnquist Åstrand  <lha@h5l.org>
+
+	* lib/krb5/send_to_kdc_plugin.h: add name for send_to_kdc plugin.
+	
+	* lib/krb5/krbhst.c: handle KRB5_PLUGIN_NO_HANDLE for lookup
+	plugin.
+
+	* lib/krb5/send_to_kdc.c: Add support for the send_to_kdc plugin
+	interface.
+
+	* lib/krb5/Makefile.am: add send_to_kdc_plugin.h
+	
+	* lib/krb5/krb5_err.et: add plugin error codes
+
+2008-07-14  Love Hornquist Astrand  <lha@kth.se>
+
+	* lib/hdb/Makefile.am: EXTRA_DIST += version-script.map
+
+2008-07-14  Love Hornquist Astrand  <lha@kth.se>
+
+	* lib/krb5/krb5_{address,ccache}.3: spelling, from openbsd via janne
+	johansson
+
+2008-07-13  Love Hörnquist Åstrand  <lha@kth.se>
+
+	* lib/krb5/version-script.map: add krb5_free_error_message
+
+2008-06-21  Love Hörnquist Åstrand  <lha@kth.se>
+
+	* lib/krb5/init_creds_pw.c: switch to krb5_set_password().
+
+2008-06-18  Love Hörnquist Åstrand  <lha@kth.se>
+
+	* lib/krb5/time.c (krb5_set_real_time): handle negative usec
+
+2008-05-31  Love Hörnquist Åstrand  <lha@kth.se>
+
+	* lib/krb5/krb5_locl.h: Add <wind.h>
+
+	* lib/krb5/crypto.c: Use wind_utf8ucs2_length to convert the password to utf16.
+
+2008-05-30  Love Hörnquist Åstrand  <lha@kth.se>
+
+	* lib/krb5/kcm.c: Add back krb5_kcmcache argument to try_door().
+
+2008-05-27  Love Hörnquist Åstrand  <lha@kth.se>
+
+	* lib/krb5/error_string.c (krb5_free_error_message): constify
+	
+	* lib/krb5/error_string.c: Add krb5_get_error_message().
+
+	* lib/krb5/doxygen.c: krb5_cc_new_unique() is name of the creation
+	function.
+	
+2008-04-30  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* lib/hdb/hdb-ldap.c: Use the _ext api for OpenLDAP, from Honza
+	Machacek (gentoo).
+
+2008-04-28  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* lib/krb5/crypto.c: Use DES_set_key_unchecked().
+
+	* lib/krb5/krb5.conf.5: Document default_cc_type.
+
+	* lib/krb5/cache.c: Pick up [libdefaults]default_cc_type
+
+2008-04-27  Love Hörnquist Åstrand  <lha@it.su.se>
+	
+	* kdc/kaserver.c: Use DES_set_key_unchecked().
+
+2008-04-21  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* doc/hx509.texi: About the pkcs11 module.
+
+	* doc/hx509.texi: Pick up version from vars.texi
+
+	* doc/hx509.texi: No MIT code in hx509.
+
+	* hx509 now includes a pkcs11 implementation.
+
+2008-04-20  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* lib/hdb/Makefile.am: Move OpenLDAP includes to AM_CPPFLAGS to
+	avoid dropping other defines for the library.
+
+2008-04-17  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* lib/krb5: add __declspec() for windows.
+
+	* configure.in: Update rk_WIN32_EXPORT, add gssapi to
+	rk_WIN32_EXPORT.
+	
+	* configure.in: Lets try dependency tracking for automake 1.10 and
+	later.
+	
+	* configure.in: Use at least libtool-2.2.
+
+	* configure.in: Use LT_INIT the right way.
+
+	* lib/krb5/Makefile.am: Update make-proto usage.
+
+	* configure.in: Run autoupdate, use LT_INIT().
+
+2008-04-15  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* lib/krb5/test_forward.c: Don't print krb5_error_code since we
+	are using krb5_err().
+
+	* lib/krb5/ticket.c: Cast krb5_error_code to int to avoid warning.
+
+	* lib/krb5/scache.c: Cast krb5_error_code to int to avoid warning.
+
+	* lib/krb5/principal.c: Cast enum to int to avoid warning.
+
+	* lib/krb5/pkinit.c: Cast krb5_error_code to int to avoid warning.
+
+	* lib/krb5/pac.c: Cast size_t to unsigned long to avoid warning.
+
+	* lib/krb5/error_string.c: Cast krb5_error_code to int to avoid
+	warning.
+
+	* lib/krb5/keytab_keyfile.c: Make num_entries an uint32 to avoid
+	negative numbers and type warnings.
+
+	* lib/krb5: cc_get_version returns an int, update.
+
+2008-04-10  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* configure.in: Check for <asl.h>.
+
+2008-04-09  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* lib/krb5/version-script.map: sort and export _krb5_pk_kdf
+
+	* lib/krb5/crypto.c: Check kdf params. calculate the second half
+	of the key.
+
+	* lib/krb5/Makefile.am: Add test_pknistkdf
+
+	* lib/krb5/test_pknistkdf.c: Test the new pkinit nist kdf.
+
+	* lib/krb5/crypto.c: Complete _krb5_pk_kdf.
+
+	* lib/krb5/crypto.c: First version of KDF in
+	draft-ietf-krb-wg-pkinit-alg-agility-03.txt.
+	
+2008-04-08  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* doc/setup.texi: Add text about smbk5pwd overlay from Buchan
+	Milne.
+	
+	* lib/krb5/krb5_locl.h: Name the pkinit type enum.
+
+	* kdc/pkinit.c: Rename constants to match global header.
+
+	* lib/krb5/pkinit.c: Drop krb5_pk_identity and rename constants to
+	match global header.
+
+	* kdc/pkinit.c: Pick up krb5_pk_identity from krb5_locl.h.
+
+	* lib/krb5/scache.c (scc_alloc): %x is unsigned int.
+	
+2008-04-07  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* lib/krb5/version-script.map: Sort and add krb5_cc_switch.
+
+	* lib/krb5/acache.c: Use unsigned where appropriate.
+
+	* kcm/glue.c: Adapt to chenge to krb5_cc_ops.
+
+	* kcm/acl.c: Add missing op.
+
+	* kdc/connect.c: Use unsigned where appropriate.
+
+	* lib/krb5/n-fold.c: Use size_t where appropriate.
+
+	* lib/krb5/get_addrs.c: Use unsigned where appropriate.
+
+	* lib/krb5/crypto.c: Use unsigned where appropriate.
+
+	* lib/krb5/crc.c: Use unsigned where appropriate.
+
+	* lib/krb5/changepw.c: simplify
+
+	* lib/krb5/copy_host_realm.c: simplify
+
+	* kuser/kswitch.c: Implement --principal.
+
+2008-04-05  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* lib/krb5/cache.c: allow returning the default cc-type.
+
+	* kuser/kswitch.c: Enable switching between existing caches.
+
+	* lib/krb5/cache.c: Add krb5_cc_switch, to set the default
+	credential cache.
+
+	* lib/krb5/acache.c: Implement set_default.
+
+	* lib/krb5/krb5.h: Extend krb5_cc_ops and add set_default to set
+	the default cc name for a credential type.
+
+2008-04-04  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* lib/krb5/test_cc.c: test remove
+
+	* lib/krb5/fcache.c: Make the remove cred slight more atomic, now
+	it might lose creds, but there will be no empty cache at any time.
+
+	* lib/krb5/scache.c: Do credential iteration by temporary table.
+
+2008-04-02  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* lib/krb5/acache.c: Translate ccErrInvalidCCache.
+
+	* lib/krb5/scache.c: implemetation of a sqlite3 backed credential
+	cache.
+
+	* lib/krb5/test_cc.c: test acc and scc
+
+	* lib/krb5/acache.c: Only release context if its in use.
+
+2008-04-01  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* doc/setup.texi: No patching of OpenLDAP is needed, from Buchan
+	Milne.
+
+2008-03-30  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* lib/krb5/Makefile.am: Add scache.
+
+	* lib/krb5/scache.c: initial implementation
+
+	* lib/Makefile.am: sqlite
+
+	* configure.in: lib/sqlite/Makefile
+
+2008-03-26  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* lib/krb5/fcache.c: Make the storing credential an atomic
+	write(2) to avoid signal races, bug traced by Harald Barth and Lars
+	Malinowsky.
+
+2008-03-25  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* lib/krb5/fcache.c: Make erase_file() do locking too.
+
+	* kcm/protocol.c: Make work when moving to a non-existant
+	cred-cache.
+
+	* lib/krb5/test_cc.c: more verbose info.
+	
+	* lib/krb5/test_cc.c: test krb5_cc_move().
+	
+2008-03-23  Love Hörnquist Åstrand  <lha@it.su.se>
+	
+	* lib/krb5/get_cred.c: Try both kdc server referral and the old
+	client chasing mode.
+
+	* lib/krb5/get_cred.c: Don't do canonicalize by default, make
+	add_cred() sane, make loop detection in credential fetching
+	better.
+
+	* lib/krb5/krb5_locl.h: Add flag EXTRACT_TICKET_AS_REQ.
+
+	* lib/krb5/init_creds_pw.c: Tell _krb5_extract_ticket that this is
+	an AS-REQ.
+
+	* lib/krb5/get_in_tkt.c: Make server referral work.
+	
+2008-03-22  Love Hörnquist Åstrand  <lha@it.su.se>
+	
+	* lib/krb5/get_in_tkt.c: check no server referral, don't use
+	stringent length tests since encryption layer does padding for
+	us...
+
+	* kdc/kerberos5.c: Match name in ClientCanonicalizedNames with -10
+
+	* lib/krb5/principal.c (_krb5_principal_compare_PrincipalName):
+	new function to compare a principal to a PrincipalName.
+
+	* lib/krb5/init_creds_pw.c: Move client referral checking to
+	_krb5_extract_ticket().
+
+	* lib/krb5/get_in_tkt.c: More bits for server referral.
+
+	* lib/krb5/get_in_tkt.c: Make working with client referrals.
+
+	* lib/krb5/get_cred.c: Try moving referrals checking into
+	_krb5_extract_ticket().
+
+	* lib/krb5/get_in_tkt.c: Try moving referrals checking into
+	_krb5_extract_ticket().
+
+2008-03-21  Love Hörnquist Åstrand  <lha@it.su.se>
+	
+	* kdc/krb5tgs.c: Send SERVER-REFERRAL data in rep.padata instead
+	of auth_data in ticket.
+
+2008-03-20  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* lib/krb5/init_creds_pw.c: remove lost bits from using
+	krb5_principal_set_realm
+	
+	* kdc/krb5tgs.c: Better referrals support, use canonicalize flag.
+
+	* kdc/hprop.c: use krb5_principal_set_realm
+
+	* lib/krb5/init_creds_pw.c: use krb5_principal_set_realm
+
+	* lib/krb5/verify_user.c: use krb5_principal_set_realm
+
+	* lib/krb5/version-script.map: add krb5_principal_set_realm
+
+	* lib/krb5/principal.c: add krb5_principal_set_realm
+
+	* lib/krb5/get_cred.c: Insecure tgs referrals.
+
+	* lib/krb5/get_cred.c: Dont try key usage KRB5_KU_AP_REQ_AUTH for
+	TGS-REQ. This drop compatibility with pre 0.3d KDCs.
+	
+	* lib/krb5/get_cred.c: catch KRB5_GC_CANONICALIZE.
+
+	* lib/krb5/krb5.h: set KRB5_GC_CANONICALIZE.
+
+	* kuser/kgetcred.c: set KRB5_GC_CANONICALIZE.
+
+	* kuser/kgetcred.c: Add stub --canonicalize implementation.
+
+2008-03-19  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* doc/setup.texi: Fix sasl-regexp, from Howard Chu.
+
+2008-03-14  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* kdc/kx509.c: Adapt to hx509_env changes.
+	
+2008-03-10  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* lib/krb5/pkinit.c: Try searchin the key by to use by first
+	looking for for PK-INIT EKU, then the Microsoft smart card EKU and
+	last, no special EKU at all.
+
+2008-03-09  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* lib/krb5/acache.c: Create a new credential cache is ->get_name
+	is called, make acc_initialize() reset the existing credential
+	cache if needed.
+
+	* lib/krb5/acache.c (acc_get_name): just return the cache_name
+	directly instead of trying to resolve it.
+
+2008-02-23  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* include/Makefile.am (CLEANFILES): add wind.h and wind_err.h and
+	sort.
+
+2008-02-11  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* lib/hdb/hdb-ldap.c: Use malloc() instead of static buffer.
+
+	* lib/hdb/hdb-ldap.c: Use ldap_get_values_len, from LaMont Jones
+	via Brian May and Debian.
+
+	* doc/Makefile.am: add libwind
+
+2008-02-05  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* lib/krb5/test_renew.c: Remove extra ;, From Dennis Davis.
+
+	* lib/krb5/store_emem.c: Make compile on-pre c99 compilers. From
+	Dennis Davis.
+
+2008-02-03  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* tools/heimdal-gssapi.pc.in: Add wind.
+
+	* tools/krb5-config.in: Add wind.
+
+	* lib/krb5/pac.c: Use libwind.
+
+2008-02-01  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* lib/Makefile.am: SUBDIRS: add wind
+
+2008-01-29  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* doc/programming.texi: See the Kerberos 5 API introduction and
+	documentation on the Heimdal webpage.
+	
+2008-01-27  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* lib/krb5: better error strings for the keytab fetching functions
+
+	* lib/krb5/verify_krb5_conf.c: Catch deprecated entries.
+
+	* lib/krb5/get_cred.c: Remove support
+	for [libdefaults]capath (not [libdefaults] capaths though).
+
+2008-01-25  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* tools/heimdal-gssapi.pc.in: Fix caps of prefix, from Joakim
+	Fallsjo.
+
+2008-01-24  Love Hörnquist Åstrand  <lha@it.su.se>
+	
+	* lib/krb5/fcache.c (fcc_move): more explict why the fcc_move
+	failes, handle cross device moves.
+	
+2008-01-21  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* lib/krb5/get_for_creds.c: Use on variable less.
+
+	* lib/krb5/get_for_creds.c: Try to handle ticket full and
+	ticketless tickets better. Add doxygen comments while here.
+
+	* lib/krb5/test_forward.c: Used for testing
+	krb5_get_forwarded_creds().
+	
+	* lib/krb5/Makefile.am: noinst_PROGRAMS += test_forward
+
+	* lib/krb5/Makefile.am: drop CHECK_SYMBOLS
+
+	* lib/hdb/Makefile.am: drop CHECK_SYMBOLS
+
+	* kdc/Makefile.am: drop CHECK_SYMBOLS
+
+2008-01-18  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* lib/krb5/version-script.map: Add krb5_digest_probe.
+	
+2008-01-13  Love Hörnquist Åstrand  <lha@it.su.se>
+	
+	* lib/krb5/pkinit.c: Replace hx509_name_to_der_name with
+	hx509_name_binary.
+
+2008-01-12  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* lib/krb5/Makefile.am: add missing files
+
+	* Happy new year.

crypto/external/bsd/heimdal/dist/ChangeLog.2002

@@ -0,0 +1,726 @@
+2002-12-19  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/mk_rep.c: free allocated storage; reported by Howard
+	Chu
+
+2002-12-08  Johan Danielsson  <joda@pdc.kth.se>
+
+	* kdc/kdc_locl.h: remove old encrypt_v4_ticket prototype
+
+2002-12-02  Johan Danielsson  <joda@pdc.kth.se>
+
+	* kpasswd/kpasswdd.c (doit): initialise sa_size to size of
+	sockaddr_storage
+
+	* kdc/connect.c (init_socket): initialise sa_size to size of
+	sockaddr_storage
+
+2002-11-15  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/krb5.h: remove trailing comma in enum
+
+2002-11-07  Johan Danielsson  <joda@pdc.kth.se>
+
+	* kdc/524.c: implement crude b2 style (non-)conversion for use
+	with afs
+
+	* kdc/kerberos4.c: move encrypt_v4_ticket to 524.c, since that's
+	where it's used
+
+2002-10-21  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/keytab_keyfile.c: more strcspn
+
+	* lib/krb5/store_emem.c (emem_store): limit how much we allocate
+	(from Olaf Kirch)
+
+	* lib/krb5/principal.c: don't allow trailing backslashes in
+	components
+
+	* kdc/connect.c: check that %-quotes are followed by two hex
+	digits
+
+	* lib/krb5/keytab_any.c: properly close the open keytabs (from
+	Larry Greenfield)
+
+	* kdc/kaserver.c: make sure life is positive (from John Godehn)
+
+2002-10-17  Johan Danielsson  <joda@pdc.kth.se>
+
+	* kuser/klist.c (display_tokens): allow tokens up to size of
+	buffer (from Magnus Holmberg)
+
+2002-09-29  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/changepw.c (process_reply): fix reply length check
+	calculation (reported by various people)
+
+2002-09-24  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/keytab_file.c (fkt_remove_entry): check return value
+	from start_seq_get (from Wynn Wilkes)
+
+2002-09-19  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/context.c (krb5_set_config_files): return ENXIO instead
+	of ENOENT when "unconfigured"
+
+2002-09-16  Jacques Vidrine  <nectar@kth.se>
+
+	* lib/krb5/kuserok.c, lib/krb5/prompter_posix.c: use strcspn
+	to convert the newline to NUL in fgets results.
+
+2002-09-13  Johan Danielsson  <joda@pdc.kth.se>
+
+	* kuser/kinit.1: remove unneeded Ns
+
+	* lib/krb5/krb5_appdefault.3: remove extra "application"
+
+	* fix-export: remove autom4ate.cache
+
+2002-09-10  Johan Danielsson  <joda@pdc.kth.se>
+
+	* include/make_crypto.c: don't use function macros if possible
+
+	* lib/krb5/krb5_locl.h: get limits.h for UINT_MAX
+
+	* include/Makefile.am: use make_crypto to create crypto-headers.h
+
+	* include/make_crypto.c: crypto header generation tool
+
+	* configure.in: move crypto test to just after testing for krb4,
+	and move roken tests to after both, this speeds up various failure
+	cases with krb4
+
+	* lib/krb5/config_file.c: don't use NULL when we mean 0
+
+	* configure.in: we don't set package_libdir anymore, so no point
+	in testing for it
+
+	* tools/Makefile.am: subst INCLUDE_des
+
+	* tools/krb5-config.in: add INCLUDE_des to cflags
+
+	* configure.in: use AC_CONFIG_SRCDIR
+
+	* fix-export: remove some unneeded stuff
+
+	* kuser/kinit.c (do_524init): free principals
+
+2002-09-09  Jacques Vidrine  <nectar@kth.se>
+
+	* kdc/kerberos5.c (get_pa_etype_info, fix_transited_encoding),
+	kdc/kaserver.c (krb5_ret_xdr_data),
+	lib/krb5/transited.c (krb5_domain_x500_decode): Validate some
+	counts: Check that they are non-negative, and that they are small
+	enough to avoid integer overflow when used in memory allocation
+	calculations.  Potential problem areas pointed out by 
+	Sebastian Krahmer <krahmer@suse.de>.
+
+	* lib/krb5/keytab_keyfile.c (akf_add_entry): Use O_EXCL when
+	creating a new keyfile.
+
+2002-09-09  Johan Danielsson  <joda@pdc.kth.se>
+
+	* configure.in: don't try to build pam module
+
+2002-09-05  Johan Danielsson  <joda@pdc.kth.se>
+
+	* appl/kf/kf.c: fix warning string
+
+	* lib/krb5/log.c (krb5_vlog_msg): delay message formating till we
+	know we need it
+
+2002-09-04  Assar Westerlund  <assar@kth.se>
+
+	* kdc/kerberos5.c (encode_reply): correct error logging
+
+2002-09-04  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/sendauth.c: close ccache if we opened it
+
+	* appl/kf/kf.c: handle new protocol
+
+	* appl/kf/kfd.c: use krb5_err instead of sysloging directly,
+	handle the new protocol, and bail out if an old client tries to
+	connect
+
+	* appl/kf/kf_locl.h: we need a protocol version string
+
+	* lib/hdb/hdb-ldap.c: use ASN1_MALLOC_ENCODE
+
+	* kdc/kerberos5.c: use ASN1_MALLOC_ENCODE
+
+	* kdc/hprop.c: set AP_OPTS_USE_SUBKEY
+
+	* lib/hdb/common.c: use ASN1_MALLOC_ENCODE
+
+	* lib/asn1/gen.c: add convenience macro that allocates a buffer
+	and encoded into that
+
+	* lib/krb5/get_cred.c (init_tgs_req): use
+	in_creds->session.keytype literally instead of trying to convert
+	to a list of enctypes (it should already be an enctype)
+	
+	* lib/krb5/get_cred.c (init_tgs_req): init ret
+
+2002-09-03  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/asn1/k5.asn1: remove ETYPE_DES3_CBC_NONE_IVEC
+
+	* lib/krb5/krb5.h: remove ENCTYPE_DES3_CBC_NONE_IVEC
+
+	* lib/krb5/crypto.c: get rid of DES3_CBC_encrypt_ivec, just use
+	zero ivec in DES3_CBC_encrypt if passed ivec is NULL
+
+	* lib/krb5/Makefile.am: back out 1.144, since it will re-create
+	krb5-protos.h at build-time, which requires perl, which is bad
+
+	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): don't
+	blindly use the local subkey
+
+	* lib/krb5/crypto.c: add function krb5_crypto_getblocksize that
+	extracts the required blocksize from a crypto context
+
+	* lib/krb5/build_auth.c: just get the length of the encoded
+	authenticator instead of trying to grow a buffer
+
+2002-09-03  Assar Westerlund  <assar@kth.se>
+
+	* configure.in: add --disable-mmap option, and tests for
+	sys/mman.h and mmap
+
+2002-09-03  Jacques Vidrine  <nectar@kth.se>
+
+	* lib/krb5/changepw.c: verify lengths in response
+
+	* lib/asn1/der_get.c (decode_integer, decode_unsigned): check for
+	truncated integers
+
+2002-09-02  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/mk_req_ext.c: generate a local subkey if
+	AP_OPTS_USE_SUBKEY is set
+
+	* lib/krb5/build_auth.c: we don't have enough information about
+	whether to generate a local subkey here, so don't try to
+
+	* lib/krb5/auth_context.c: new function
+	krb5_auth_con_generatelocalsubkey
+
+	* lib/krb5/get_in_tkt.c: only set kdc_sec_offset if looking at an
+	initial ticket
+
+	* lib/krb5/context.c (init_context_from_config_file): simplify
+	initialisation of srv_lookup
+
+	* lib/krb5/changepw.c (send_request): set AP_OPTS_USE_SUBKEY
+
+	* lib/krb5/krb5.h: add AP_OPTS_USE_SUBKEY
+
+2002-08-30  Assar Westerlund  <assar@kth.se>
+
+	* lib/krb5/name-45-test.c: also test krb5_524_conv_principal
+	* lib/krb5/Makefile.am (TESTS): add name-45-test
+	* lib/krb5/name-45-test.c: add testcases for
+	krb5_425_conv_principal
+
+2002-08-29  Assar Westerlund  <assar@kth.se>
+
+	* lib/krb5/parse-name-test.c: also test unparse_short functions
+	* lib/asn1/asn1_print.c: use com_err/error_message API
+	* lib/krb5/Makefile.am: add parse-name-test
+	* lib/krb5/parse-name-test.c: add a program for testing parsing
+	and unparsing principal names
+
+2002-08-28  Assar Westerlund  <assar@kth.se>
+
+	* kdc/config.c: add missing ifdef DAEMON
+
+2002-08-28  Johan Danielsson  <joda@pdc.kth.se>
+
+	* configure.in: use rk_SUNOS
+
+	* kdc/config.c: add detach options
+
+	* kdc/main.c: maybe detach from console?
+
+	* kdc/kdc.8: markup changes
+
+	* configure.in: AC_TEST_PACKAGE_NEW -> rk_TEST_PACKAGE
+
+	* configure.in: use rk_TELNET, rename some other macros, and don't
+	add -ldes to krb4 link command
+
+	* kuser/kinit.1: whitespace fix (from NetBSD)
+
+	* include/bits.c: we may need unistd.h for ssize_t
+
+2002-08-26  Assar Westerlund  <assar@kth.se>
+
+	* lib/krb5/principal.c (krb5_425_conv_principal_ext): lookup AAAA
+	rrs before A ones when using the resolver to verify a mapping,
+	also use getaddrinfo when resolver is not available
+
+	* lib/hdb/keytab.c (find_db): const-correctness in parameters to
+	krb5_config_get_next
+
+	* lib/asn1/gen.c: include <string.h> in the generated files (for
+	memset)
+
+2002-08-22  Assar Westerlund  <assar@kth.se>
+
+	* lib/krb5/test_get_addrs.c, lib/krb5/krbhst-test.c: make it use
+	getarg so that it can handle --help and --version (and thus make
+	check can pass)
+
+	* lib/asn1/check-der.c: make this build again
+
+2002-08-22  Assar Westerlund <assar@kth.se>
+
+	* lib/asn1/der_get.c (der_get_int): handle len == 0.  based on a
+	patch from Love <lha@stacken.kth.se>
+
+2002-08-22  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/krb5.h: we seem to call KRB5KDC_ERR_KEY_EXP
+	KRB5KDC_ERR_KEY_EXPIRED, so define the former to the latter
+	
+	* kdc/kdc.8: add blurb about adding and removing addresses; update
+	kdc.conf section to match reality
+
+	* configure.in: KRB_SENDAUTH_VLEN seems to always have existed, so
+	don't define it
+	
+2002-08-21  Assar Westerlund  <assar@kth.se>
+	
+	* lib/asn1/asn1_print.c: print OIDs too, based on a patch from
+	Love <lha@stacken.kth.se>
+
+2002-08-21  Johan Danielsson  <joda@pdc.kth.se>
+
+	* kuser/kinit.c (do_v4_fallback): don't use krb_get_pw_in_tkt2
+	since it might not exist, and we don't actually care about the key
+	
+2002-08-20  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/krb5.conf.5: correct documentation for
+	verify_ap_req_nofail
+
+	* lib/krb5/log.c: rename syslog_data to avoid name conflicts (from
+	Mattias Amnefelt)
+
+	* kuser/klist.c (display_tokens): increase token buffer size, and
+	add more checks of the kernel data (from Love)
+
+2002-08-19  Johan Danielsson  <joda@pdc.kth.se>
+
+	* fix-export: use make to parse Makefile.am instead of perl
+
+	* configure.in: use argument-less AM_INIT_AUTOMAKE, now that it
+	groks AC_INIT with package name etc.
+
+	* kpasswd/kpasswdd.c: include <kadm5/private.h>
+
+	* lib/asn1/asn1_print.c: include com_right.h
+
+	* lib/krb5/addr_families.c: socklen_t -> krb5_socklen_t
+
+	* include/bits.c: define krb5_socklen_t type; this should really
+	go someplace else, but this was easy
+
+	* lib/krb5/verify_krb5_conf.c: don't bail out if parsing of a file
+	fails, just warn about it
+
+	* kdc/log.c (kdc_openlog): no need for a config_file parameter
+
+	* kdc/config.c: just treat kdc.conf like any other config file
+
+	* lib/krb5/context.c (krb5_get_default_config_files): ignore
+	duplicate files
+
+2002-08-16  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/krb5.h: turn strings into pointers, so we can assign to
+	them
+
+	* lib/krb5/constants.c: turn strings into pointers, so we can
+	assign to them
+
+	* lib/krb5/get_addrs.c (get_addrs_int): initialise res if
+	SCAN_INTERFACES is not set
+
+	* lib/krb5/context.c: fix various borked stuff in previous commits
+
+2002-08-16  Jacques Vidrine <n@nectar.com>
+
+	* lib/krb5/krbhst.c (kpasswd_get_next): if we fall back to using
+	the `admin_server' entry for kpasswd, override the `proto' result
+	to be UDP.
+
+2002-08-15  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/auth_context.c: check return value of
+	krb5_sockaddr2address
+
+	* lib/krb5/addr_families.c: check return value of
+	krb5_sockaddr2address
+
+	* lib/krb5/context.c: get the default keytab from KRB5_KTNAME
+
+2002-08-14  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/verify_krb5_conf.c: allow parsing of more than one file
+
+	* lib/krb5/context.c: allow changing config files with the
+	function krb5_set_config_files, there are also related functions
+	krb5_get_default_config_files and krb5_free_config_files; these
+	should work similar to their MIT counterparts
+
+	* lib/krb5/config_file.c: allow the use of more than one config
+	file by using the new function krb5_config_parse_file_multi
+
+2002-08-12  Johan Danielsson  <joda@pdc.kth.se>
+
+	* use sysconfdir instead of /etc
+
+	* configure.in: require autoconf 2.53; rename dpagaix_LDFLAGS etc
+	to appease automake; force sysconfdir and localstatedir to /etc
+	and /var/heimdal for now
+
+	* kdc/connect.c (addr_to_string): check return value of
+	sockaddr2address
+
+2002-08-09  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/rd_cred.c: if the remote address isn't an addrport,
+	don't try comparing to one; this should make old clients work with
+	new servers
+
+	* lib/asn1/gen_decode.c: remove unused variable
+
+2002-07-31  Johan Danielsson  <joda@pdc.kth.se>
+
+	* kdc/{kerberos5,524}.c: ENOENT -> HDB_ERR_NOENTRY (from Derrick
+	Brashear)
+
+	* lib/krb5/principal.c: actually lower case the lower case
+	instance name (spotted by Derrick Brashear)
+
+2002-07-24  Johan Danielsson  <joda@pdc.kth.se>
+
+	* fix-export: if DATEDVERSION is set, change the version to
+	current date
+
+	* configure.in: don't use AC_PROG_RANLIB, and use magic foo to set
+	LTLIBOBJS
+
+2002-07-04  Johan Danielsson  <joda@pdc.kth.se>
+
+	* kdc/connect.c: add some cache-control-foo to the http responses
+	(from Gombas Gabor)
+
+	* lib/krb5/addr_families.c (krb5_print_address): don't copy size
+	if ret_len == NULL
+
+2002-06-28  Johan Danielsson  <joda@pdc.kth.se>
+
+	* kuser/klist.c (display_tokens): don't bail out before we get
+	EDOM (signaling the end of the tokens), the kernel can also return
+	ENOTCONN, meaning that the index does not exist anymore (for
+	example if the token has expired)
+
+2002-06-06  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/changepw.c: make sure we return an error if there are
+	no changepw hosts found; from Wynn Wilkes
+
+2002-05-29  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/cache.c (krb5_cc_register): break out of loop when the
+	same type is found; spotted by Wynn Wilkes
+
+2002-05-28  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/keytab_file.c: check size of entry before trying to
+	read 32-bit kvno; also fix typo in previous
+
+2002-05-24  Johan Danielsson  <joda@pdc.kth.se>
+
+	* include/Makefile.am: only add to INCLUDES
+
+	* lib/45/mk_req.c: fix for storage change
+
+	* lib/hdb/print.c: fix for storage change
+
+2002-05-15  Johan Danielsson  <joda@pdc.kth.se>
+
+	* kdc/kerberos5.c: don't free encrypted padata until we're really
+	done with it
+
+2002-05-07  Johan Danielsson  <joda@pdc.kth.se>
+
+	* kdc/kerberos5.c: when decrypting pa-data, try all keys matching
+	enctype
+
+	* kuser/kinit.1: document -a
+
+	* kuser/kinit.c: add command line switch for extra addresses
+
+2002-04-30  Johan Danielsson  <joda@blubb.pdc.kth.se>
+
+	* configure.in: remove some duplicate tests
+
+	* configure.in: use AC_HELP_STRING
+
+2002-04-29  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/crypto.c (usage2arcfour): don't abort if the usage is
+	unknown
+
+2002-04-25  Johan Danielsson  <joda@pdc.kth.se>
+
+	* configure.in: use rk_DESTDIRS
+
+2002-04-22  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/krb5_verify_user.3: make it clear that _lrealm modifies
+	the principal
+
+2002-04-19  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/verify_init.c: fix typo in error string
+
+2002-04-18  Johan Danielsson  <joda@pdc.kth.se>
+
+	* acconfig.h: remove some stuff that is defined elsewhere
+
+	* lib/krb5/krb5_locl.h: include <sys/file.h>
+
+	* lib/krb5/acl.c: rename acl_string parameter
+
+	* lib/krb5/Makefile.am: remove __P from protos, and put parameter
+	names in comments
+
+	* kuser/klist.c: better align some headers
+
+	* kdc/kerberos4.c: storage tweaks
+
+	* kdc/kaserver.c: storage tweaks
+
+	* kdc/524.c: storage tweaks
+
+	* lib/krb5/keytab_krb4.c: storage tweaks
+
+	* lib/krb5/keytab_keyfile.c: storage tweaks
+
+	* lib/krb5/keytab_file.c: storage tweaks; also try to handle zero
+	sized keytab files
+
+	* lib/krb5/keytab_any.c: use KRB5_KT_END instead of KRB5_CC_END
+
+	* lib/krb5/fcache.c: storage tweaks
+
+	* lib/krb5/store_mem.c: make the krb5_storage opaque, and add
+	function wrappers for store/fetch/seek, and also make the eof-code
+	configurable
+
+	* lib/krb5/store_fd.c: make the krb5_storage opaque, and add
+	function wrappers for store/fetch/seek, and also make the eof-code
+	configurable
+
+	* lib/krb5/store_emem.c: make the krb5_storage opaque, and add
+	function wrappers for store/fetch/seek, and also make the eof-code
+	configurable
+
+	* lib/krb5/store.c: make the krb5_storage opaque, and add function
+	wrappers for store/fetch/seek, and also make the eof-code
+	configurable
+
+	* lib/krb5/store-int.h: make the krb5_storage opaque, and add
+	function wrappers for store/fetch/seek, and also make the eof-code
+	configurable
+
+	* lib/krb5/krb5.h: make the krb5_storage opaque, and add function
+	wrappers for store/fetch/seek, and also make the eof-code
+	configurable
+
+	* include/bits.c: include <sys/socket.h> to get socklen_t
+
+	* kdc/kerberos5.c (get_pa_etype_info): sort ETYPE-INFOs by
+	requested KDC-REQ etypes
+
+	* kdc/hpropd.c: constify
+
+	* kdc/hprop.c: constify
+
+	* kdc/string2key.c: constify
+
+	* kdc/kdc_locl.h: make port_str const
+
+	* kdc/config.c: constify
+
+	* lib/krb5/config_file.c: constify
+
+	* kdc/kstash.c: constify
+
+	* lib/krb5/verify_user.c: remove unnecessary cast
+
+	* lib/krb5/recvauth.c: constify
+
+	* lib/krb5/principal.c (krb5_parse_name): const qualify
+
+	* lib/krb5/mcache.c (mcc_get_name): constify return type
+
+	* lib/krb5/context.c (krb5_free_context): don't try to free the
+	ccache prefix
+
+	* lib/krb5/cache.c (krb5_cc_register): don't make a copy of the
+	prefix
+
+	* lib/krb5/krb5.h: constify some struct members
+
+	* lib/krb5/log.c: constify
+
+	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): const
+	qualify
+
+	* lib/krb5/get_in_tkt.c (krb5_init_etype): constify
+
+	* lib/krb5/crypto.c: constify some
+
+	* lib/krb5/config_file.c: constify
+
+	* lib/krb5/aname_to_localname.c (krb5_aname_to_localname):
+	constify local variable
+
+	* lib/krb5/addr_families.c (ipv4_sockaddr2port): constify
+
+2002-04-17  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/verify_krb5_conf.c: add some log checking
+	
+	* lib/krb5/log.c (krb5_addlog_dest): reorganise syslog parsing
+
+2002-04-16  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/crypto.c (krb5_crypto_init): check that the key size
+	matches the expected length
+
+2002-03-27  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/send_to_kdc.c: rename send parameter to send_data
+
+	* lib/krb5/mk_error.c: rename ctime parameter to client_time
+
+2002-03-22  Johan Danielsson  <joda@pdc.kth.se>
+
+	* kdc/kerberos5.c (find_etype): unsigned -> krb5_enctype (from
+	Reinoud Zandijk)
+
+2002-03-18  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/asn1/k5.asn1: add the GSS-API checksum type here
+
+2002-03-11  Assar Westerlund  <assar@sics.se>
+
+	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to
+	18:3:1
+	* lib/hdb/Makefile.am (libhdb_la_LDFLAGS): bump version to 7:5:0
+	* lib/asn1/Makefile.am (libasn1_la_LDFLAGS): bump version to 6:0:0
+	
+2002-03-10  Assar Westerlund  <assar@sics.se>
+
+	* lib/krb5/rd_cred.c: handle addresses with port numbers
+
+	* lib/krb5/keytab_file.c, lib/krb5/keytab.c:
+	store the kvno % 256 as the byte and the complete 32 bit kvno after
+	the end of the current keytab entry
+
+	* lib/krb5/init_creds_pw.c:
+	handle LR_PW_EXPTIME and LR_ACCT_EXPTIME in the same way
+
+	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds):
+	handle ports giving for the remote address
+
+	* lib/krb5/get_cred.c:
+	get a ticket with no addresses if no-addresses is set
+
+	* lib/krb5/crypto.c:
+	rename functions DES_* to krb5_* to avoid colliding with modern
+	openssl
+
+	* lib/krb5/addr_families.c:
+	make all functions taking 'struct sockaddr' actually take a socklen_t
+	instead of int and that acts as an in-out parameter (indicating the
+	maximum length of the sockaddr to be written)
+
+	* kdc/kerberos4.c:
+	make the kvno's in the krb4 universe by the real one % 256, since they
+	cannot only be 8 bit, and the v5 ones are actually 32 bits
+
+2002-02-15  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/keytab_keyfile.c (akf_add_entry): don't create the file
+	before we need to write to it
+	(from Åke Sandgren)
+
+2002-02-14  Johan Danielsson  <joda@pdc.kth.se>
+
+	* configure.in: rk_RETSIGTYPE and rk_BROKEN_REALLOC are called via
+	rk_ROKEN (from Gombas Gabor); find inttypes by CHECK_TYPES
+	directly
+
+	* lib/krb5/rd_safe.c: actually use the correct key (from Daniel
+	Kouril)
+
+2002-02-12  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/context.c (krb5_get_err_text): protect against NULL
+	context
+
+2002-02-11  Johan Danielsson  <joda@pdc.kth.se>
+
+	* admin/ktutil.c: no need to use the "modify" keytab anymore
+
+	* lib/krb5/keytab_any.c: implement add and remove
+
+	* lib/krb5/keytab_krb4.c: implement add and remove
+
+	* lib/krb5/store_emem.c (emem_free): clear memory before freeing
+	(this should perhaps be selectable with a flag)
+
+2002-02-04  Johan Danielsson  <joda@pdc.kth.se>
+
+	* kdc/config.c (get_dbinfo): if there are database specifications
+	in the config file, don't automatically try to use the default
+	values (from Gombas Gabor)
+
+	* lib/krb5/log.c (krb5_closelog): don't pass pointer to pointer
+	(from Gombas Gabor)
+
+2002-01-30  Johan Danielsson  <joda@pdc.kth.se>
+
+	* admin/list.c: get the default keytab from krb5.conf, and list
+	all parts of an ANY type keytab
+
+	* lib/krb5/context.c: default default_keytab_modify to NULL
+
+	* lib/krb5/keytab.c (krb5_kt_default_modify_name): if no modify
+	name is specified take it from the first component of the default
+	keytab name
+
+2002-01-29  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/keytab.c: compare keytab types case insensitively
+
+2002-01-07  Assar Westerlund  <assar@sics.se>
+
+	* lib/krb5/crypto.c (create_checksum): make usage `unsigned' (it's
+	not really a krb5_key_usage).  From Ben Harris <bjh21@netbsd.org>
+	* lib/krb5/get_in_tkt.c: use krb5_enctype consistently.  From Ben
+	Harris <bjh21@netbsd.org>
+	* lib/krb5/crypto.c: use krb5_enctype consistently.  From Ben
+	Harris <bjh21@netbsd.org>
+	* kdc/kerberos5.c: use krb5_enctype consistently.  From Ben Harris
+	<bjh21@netbsd.org>

crypto/external/bsd/heimdal/dist/LICENSE

@@ -0,0 +1,33 @@
+Copyright (c) 1995 - 2011 Kungliga Tekniska Högskolan
+(Royal Institute of Technology, Stockholm, Sweden). 
+All rights reserved. 
+
+Redistribution and use in source and binary forms, with or without 
+modification, are permitted provided that the following conditions 
+are met: 
+
+1. Redistributions of source code must retain the above copyright 
+   notice, this list of conditions and the following disclaimer. 
+
+2. Redistributions in binary form must reproduce the above copyright 
+   notice, this list of conditions and the following disclaimer in the 
+   documentation and/or other materials provided with the distribution. 
+
+3. Neither the name of the Institute nor the names of its contributors 
+   may be used to endorse or promote products derived from this software 
+   without specific prior written permission. 
+
+THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+SUCH DAMAGE. 
+
+
+Please see info documentation for the complete list of licenses.

crypto/external/bsd/heimdal/dist/Makefile.am

@@ -0,0 +1,50 @@
+# Id
+
+include $(top_srcdir)/Makefile.am.common
+
+if KCM
+kcm_dir = kcm
+endif
+
+SUBDIRS=  include base lib kuser kdc admin kadmin kpasswd 
+SUBDIRS+= $(kcm_dir) appl doc tools tests packages etc po
+
+## ACLOCAL = @ACLOCAL@ -I cf
+ACLOCAL_AMFLAGS = -I cf
+
+EXTRA_DIST = \
+	TODO \
+	LICENSE \
+	README \
+	ChangeLog \
+	ChangeLog.1998 \
+	ChangeLog.1999 \
+	ChangeLog.2000 \
+	ChangeLog.2001 \
+	ChangeLog.2002 \
+	ChangeLog.2003 \
+	ChangeLog.2004 \
+	ChangeLog.2005 \
+	ChangeLog.2006 \
+	Makefile.am.common \
+	autogen.sh \
+	krb5.conf \
+	cf/make-proto.pl \
+	cf/install-catman.sh \
+	cf/ChangeLog \
+	cf/c-function.m4 \
+	cf/ChangeLog \
+	cf/have-pragma-weak.m4 \
+	cf/have-types.m4 \
+	cf/krb-func-getcwd-broken.m4 \
+	cf/krb-prog-ranlib.m4 \
+	cf/krb-prog-yacc.m4 \
+	cf/krb-sys-aix.m4 \
+	cf/krb-sys-nextstep.m4 \
+	cf/krb-version.m4 \
+	cf/roken.m4 \
+	cf/valgrind-suppressions \
+	cf/vararray.m4
+
+print-distdir:
+	@echo $(distdir)

crypto/external/bsd/heimdal/dist/Makefile.am.common

@@ -0,0 +1,4 @@
+# Id
+
+include $(top_srcdir)/cf/Makefile.am.common
+

crypto/external/bsd/heimdal/dist/NEWS

@@ -0,0 +1,957 @@
+Release Notes - Heimdal - Version Heimdal 1.5
+
+New features
+
+ - SHA512 support
+ - No Kerberos 4 support
+
+Release Notes - Heimdal - Version Heimdal 1.4
+
+ New features
+ 
+ - Support for reading MIT database file directly
+ - KCM is polished up and now used in production
+ - NTLM first class citizen, credentials stored in KCM
+ - Table driven ASN.1 compiler, smaller!, not enabled by default
+ - Native Windows client support
+
+Notes
+
+ - Disabled write support NDBM hdb backend (read still in there) since
+   it can't handle large records, please migrate to a diffrent backend
+   (like BDB4)
+
+Release Notes - Heimdal - Version Heimdal 1.3.3
+
+ Bug fixes
+ - Check the GSS-API checksum exists before trying to use it [CVE-2010-1321]
+ - Check NULL pointers before dereference them [kdc]
+
+Release Notes - Heimdal - Version Heimdal 1.3.2
+
+ Bug fixes
+
+ - Don't mix length when clearing hmac (could memset too much)
+ - More paranoid underrun checking when decrypting packets
+ - Check the password change requests and refuse to answer empty packets
+ - Build on OpenSolaris 
+ - Renumber AD-SIGNED-TICKET since it was stolen from US
+ - Don't cache /dev/*random file descriptor, it doesn't get unloaded
+ - Make C++ safe
+ - Misc warnings
+
+Release Notes - Heimdal - Version Heimdal 1.3.1
+
+ Bug fixes
+
+ - Store KDC offset in credentials
+ - Many many more bug fixes
+
+Release Notes - Heimdal - Version Heimdal 1.3.1
+
+ New features
+
+ - Make work with OpenLDAPs krb5 overlay
+
+Release Notes - Heimdal - Version Heimdal 1.3
+
+ New features
+
+ - Partial support for MIT kadmind rpc protocol in kadmind
+ - Better support for finding keytab entries when using SPN aliases in the KDC
+ - Support BER in ASN.1 library (needed for CMS)
+ - Support decryption in Keychain private keys
+ - Support for new sqlite based credential cache
+ - Try both KDC referals and the common DNS reverse lookup in GSS-API
+ - Fix the KCM to not leak resources on failure
+ - Add IPv6 support to iprop
+ - Support localization of error strings in
+   kinit/klist/kdestroy and Kerberos library
+ - Remove Kerberos 4 support in application (still in KDC)
+ - Deprecate DES
+ - Support i18n password in windows domains (using UTF-8)
+ - More complete API emulation of OpenSSL in hcrypto
+ - Support for ECDSA and ECDH when linking with OpenSSL
+
+ API changes
+
+ - Support for settin friendly name on credential caches
+ - Move to using doxygen to generate documentation.
+ - Sprinkling __attribute__((depricated)) for old function to be removed
+ - Support to export LAST-REQUST information in AS-REQ
+ - Support for client deferrals in in AS-REQ
+ - Add seek support for krb5_storage.
+ - Support for split AS-REQ, first step for IA-KERB
+ - Fix many memory leaks and bugs
+ - Improved regression test
+ - Support krb5_cccol
+ - Switch to krb5_set_error_message
+ - Support krb5_crypto_*_iov	
+ - Switch to use EVP for most function
+ - Use SOCK_CLOEXEC and O_CLOEXEC (close on exec)
+ - Add support for GSS_C_DELEG_POLICY_FLAG
+ - Add krb5_cc_[gs]et_config to store data in the credential caches
+ - PTY testing application
+
+Bugfixes
+ - Make building on AIX6 possible.
+ - Bugfixes in LDAP KDC code to make it more stable
+ - Make ipropd-slave reconnect when master down gown
+
+
+Release Notes - Heimdal - Version Heimdal 1.2.1
+
+* Bug
+
+  [HEIMDAL-147] - Heimdal 1.2 not compiling on Solaris
+  [HEIMDAL-151] - Make canned tests work again after cert expired
+  [HEIMDAL-152] - iprop test: use full hostname to avoid realm
+                  resolving errors
+  [HEIMDAL-153] - ftp: Use the correct length for unmap, msync
+
+Release Notes - Heimdal - Version Heimdal 1.2
+
+* Bug
+
+  [HEIMDAL-10] - Follow-up on bug report for SEGFAULT in
+  		 gss_display_name/gss_export_name when using SPNEGO
+  [HEIMDAL-15] - Re: [Heimdal-bugs] potential bug in Heimdal 1.1
+  [HEIMDAL-17] - Remove support for depricated [libdefaults]capath
+  [HEIMDAL-52] - hdb overwrite aliases for db databases
+  [HEIMDAL-54] - Two issues which affect credentials delegation
+  [HEIMDAL-58] - sockbuf.c calls setsockopt with bad args
+  [HEIMDAL-62] - Fix printing of sig_atomic_t
+  [HEIMDAL-87] - heimdal 1.1 not building under cygwin in hcrypto
+  [HEIMDAL-105] - rcp: sync rcp with upstream bsd rcp codebase
+  [HEIMDAL-117] - Use libtool to detect symbol versioning (Debian Bug#453241)
+
+* Improvement
+  [HEIMDAL-67] - Fix locking and store credential in atomic writes
+                 in the FILE credential cache
+  [HEIMDAL-106] - make compile on cygwin again
+  [HEIMDAL-107] - Replace old random key generation in des module
+                  and use it with RAND_ function instead
+  [HEIMDAL-115] - Better documentation and compatibility in hcrypto
+                  in regards to OpenSSL
+
+* New Feature
+  [HEIMDAL-3] - pkinit alg agility PRF test vectors
+  [HEIMDAL-14] - Add libwind to Heimdal
+  [HEIMDAL-16] - Use libwind in hx509
+  [HEIMDAL-55] - Add flag to krb5 to not add GSS-API INT|CONF to
+                 the negotiation
+  [HEIMDAL-74] - Add support to report extended error message back
+                 in AS-REQ to support windows clients
+  [HEIMDAL-116] - test pty based application (using rkpty)
+  [HEIMDAL-120] - Use new OpenLDAP API (older deprecated)
+
+* Task
+  [HEIMDAL-63] - Dont try key usage KRB5_KU_AP_REQ_AUTH for TGS-REQ.
+                 This drop compatibility with pre 0.3d KDCs.
+  [HEIMDAL-64] - kcm: first implementation of kcm-move-cache
+  [HEIMDAL-65] - Failed to compile with --disable-pk-init
+  [HEIMDAL-80] - verify that [VU#162289]: gcc silently discards some
+                 wraparound checks doesn't apply to Heimdal
+
+Changes in release 1.1
+
+ * Read-only PKCS11 provider built-in to hx509.
+
+ * Documentation for hx509, hcrypto and ntlm libraries improved.
+
+ * Better compatibilty with Windows 2008 Server pre-releases and Vista.
+
+ * Mac OS X 10.5 support for native credential cache.
+
+ * Provide pkg-config file for Heimdal (heimdal-gssapi.pc).
+
+ * Bug fixes.
+
+Changes in release 1.0.2
+
+* Ubuntu packages.
+
+* Bug fixes.
+
+Changes in release 1.0.1
+
+ * Serveral bug fixes to iprop.
+
+ * Make work on platforms without dlopen.
+
+ * Add RFC3526 modp group14 as default.
+
+ * Handle [kdc] database = { } entries without realm = stanzas.
+
+ * Make krb5_get_renewed_creds work.
+
+ * Make kaserver preauth work again.
+
+ * Bug fixes.
+
+Changes in release 1.0
+
+ * Add gss_pseudo_random() for mechglue and krb5.
+
+ * Make session key for the krbtgt be selected by the best encryption
+   type of the client.
+
+ * Better interoperability with other PK-INIT implementations.
+
+ * Inital support for Mac OS X Keychain for hx509.
+
+ * Alias support for inital ticket requests.
+
+ * Add symbol versioning to selected libraries on platforms that uses
+   GNU link editor: gssapi, hcrypto, heimntlm, hx509, krb5, and libkdc.
+
+ * New version of imath included in hcrypto.
+
+ * Fix memory leaks.
+
+ * Bugs fixes.
+
+Changes in release 0.8.1
+
+ * Make ASN.1 library less paranoid to with regard to NUL in string to
+   make it inter-operate with MIT Kerberos again.
+
+ * Make GSS-API library work again when using gss_acquire_cred
+
+ * Add symbol versioning to libgssapi when using GNU ld.
+
+ * Fix memory leaks 
+
+ * Bugs fixes
+
+Changes in release 0.8
+
+ * PK-INIT support.
+
+ * HDB extensions support, used by PK-INIT.
+
+ * New ASN.1 compiler.
+
+ * GSS-API mechglue from FreeBSD.
+
+ * Updated SPNEGO to support RFC4178.
+
+ * Support for Cryptosystem Negotiation Extension (RFC 4537).
+
+ * A new X.509 library (hx509) and related crypto functions.
+
+ * A new ntlm library (heimntlm) and related crypto functions.
+
+ * Updated the built-in crypto library with bignum support using
+   imath, support for RSA and DH and renamed it to libhcrypto.
+
+ * Subsystem in the KDC, digest, that will perform the digest
+   operation in the KDC, currently supports: CHAP, MS-CHAP-V2, SASL
+   DIGEST-MD5 NTLMv1 and NTLMv2.
+
+ * KDC will return the "response too big" error to force TCP retries
+   for large (default 1400 bytes) UDP replies.  This is common for
+   PK-INIT requests.
+
+ * Libkafs defaults to use 2b tokens.
+
+ * Default to use the API cache on Mac OS X.
+
+ * krb5_kuserok() also checks ~/.k5login.d directory for acl files,
+   see manpage for krb5_kuserok for description.
+
+ * Many, many, other updates to code and info manual and manual pages.
+
+ * Bug fixes
+
+Changes in release 0.7.2
+
+* Fix security problem in rshd that enable an attacker to overwrite
+  and change ownership of any file that root could write.
+
+* Fix a DOS in telnetd. The attacker could force the server to crash
+  in a NULL de-reference before the user logged in, resulting in inetd
+  turning telnetd off because it forked too fast.
+
+* Make gss_acquire_cred(GSS_C_ACCEPT) check that the requested name
+  exists in the keytab before returning success. This allows servers
+  to check if its even possible to use GSSAPI.
+
+* Fix receiving end of token delegation for GSS-API. It still wrongly
+  uses subkey for sending for compatibility reasons, this will change
+  in 0.8.
+
+* telnetd, login and rshd are now more verbose in logging failed and
+  successful logins.
+
+* Bug fixes
+
+Changes in release 0.7.1
+
+* Bug fixes
+
+Changes in release 0.7
+
+ * Support for KCM, a process based credential cache
+
+ * Support CCAPI credential cache
+
+ * SPNEGO support
+
+ * AES (and the gssapi conterpart, CFX) support
+
+ * Adding new and improve old documentation
+
+ * Bug fixes
+
+Changes in release 0.6.6
+
+* Fix security problem in rshd that enable an attacker to overwrite
+  and change ownership of any file that root could write.
+
+* Fix a DOS in telnetd. The attacker could force the server to crash
+  in a NULL de-reference before the user logged in, resulting in inetd
+  turning telnetd off because it forked too fast.
+
+Changes in release 0.6.5
+
+ * fix vulnerabilities in telnetd
+
+ * unbreak Kerberos 4 and kaserver
+
+Changes in release 0.6.4
+
+ * fix vulnerabilities in telnet
+
+ * rshd: encryption without a separate error socket should now work
+
+ * telnet now uses appdefaults for the encrypt and forward/forwardable
+   settings
+
+ * bug fixes
+
+Changes in release 0.6.3
+
+ * fix vulnerabilities in ftpd
+
+ * support for linux AFS /proc "syscalls"
+
+ * support for RFC3244 (Windows 2000 Kerberos Change/Set Password) in
+   kpasswdd
+
+ * fix possible KDC denial of service
+
+ * bug fixes
+
+Changes in release 0.6.2
+
+ * Fix possible buffer overrun in v4 kadmin (which now defaults to off)
+
+Changes in release 0.6.1
+
+ * Fixed ARCFOUR suppport
+
+ * Cross realm vulnerability
+
+ * kdc: fix denial of service attack
+
+ * kdc: stop clients from renewing tickets into the future
+
+ * bug fixes
+	
+Changes in release 0.6
+
+* The DES3 GSS-API mechanism has been changed to inter-operate with
+  other GSSAPI implementations. See man page for gssapi(3) how to turn
+  on generation of correct MIC messages. Next major release of heimdal 
+  will generate correct MIC by default.
+
+* More complete GSS-API support
+
+* Better AFS support: kdc (524) supports 2b; 524 in kdc and AFS
+  support in applications no longer requires Kerberos 4 libs
+
+* Kerberos 4 support in kdc defaults to turned off (includes ka and 524)
+
+* other bug fixes
+
+Changes in release 0.5.2
+
+ * kdc: add option for disabling v4 cross-realm (defaults to off)
+
+ * bug fixes
+
+Changes in release 0.5.1
+
+ * kadmind: fix remote exploit
+
+ * kadmind: add option to disable kerberos 4
+
+ * kdc: make sure kaserver token life is positive
+
+ * telnet: use the session key if there is no subkey
+
+ * fix EPSV parsing in ftp
+
+ * other bug fixes
+
+Changes in release 0.5
+
+ * add --detach option to kdc
+
+ * allow setting forward and forwardable option in telnet from
+   .telnetrc, with override from command line
+
+ * accept addresses with or without ports in krb5_rd_cred
+
+ * make it work with modern openssl
+
+ * use our own string2key function even with openssl (that handles weak
+   keys incorrectly)
+
+ * more system-specific requirements in login
+
+ * do not use getlogin() to determine root in su
+
+ * telnet: abort if telnetd does not support encryption
+
+ * update autoconf to 2.53
+
+ * update config.guess, config.sub
+
+ * other bug fixes
+
+Changes in release 0.4e
+
+ * improve libcrypto and database autoconf tests
+
+ * do not care about salting of server principals when serving v4 requests
+
+ * some improvements to gssapi library
+
+ * test for existing compile_et/libcom_err
+
+ * portability fixes
+
+ * bug fixes
+
+Changes in release 0.4d
+
+ * fix some problems when using libcrypto from openssl
+
+ * handle /dev/ptmx `unix98' ptys on Linux
+
+ * add some forgotten man pages
+
+ * rsh: clean-up and add man page
+
+ * fix -A and -a in builtin-ls in tpd
+
+ * fix building problem on Irix
+
+ * make `ktutil get' more efficient
+
+ * bug fixes
+
+Changes in release 0.4c
+
+ * fix buffer overrun in telnetd
+
+ * repair some of the v4 fallback code in kinit
+
+ * add more shared library dependencies
+
+ * simplify and fix hprop handling of v4 databases
+
+ * fix some building problems (osf's sia and osfc2 login)
+
+ * bug fixes
+
+Changes in release 0.4b
+
+ * update the shared library version numbers correctly
+
+Changes in release 0.4a
+
+ * corrected key used for checksum in mk_safe, unfortunately this
+   makes it backwards incompatible
+
+ * update to autoconf 2.50, libtool 1.4
+
+ * re-write dns/config lookups (krb5_krbhst API)
+
+ * make order of using subkeys consistent
+
+ * add man page links
+
+ * add more man pages
+
+ * remove rfc2052 support, now only rfc2782 is supported
+
+ * always build with kaserver protocol support in the KDC (assuming
+   KRB4 is enabled) and support for reading kaserver databases in
+   hprop
+
+Changes in release 0.3f
+
+ * change default keytab to ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab,
+   the new keytab type that tries both of these in order (SRVTAB is
+   also an alias for krb4:)
+
+ * improve error reporting and error handling (error messages should
+   be more detailed and more useful)
+
+ * improve building with openssl
+
+ * add kadmin -K, rcp -F 
+
+ * fix two incorrect weak DES keys
+
+ * fix building of kaserver compat in KDC
+
+ * the API is closer to what MIT krb5 is using
+
+ * more compatible with windows 2000
+
+ * removed some memory leaks
+
+ * bug fixes
+
+Changes in release 0.3e
+
+ * rcp program included
+
+ * fix buffer overrun in ftpd
+
+ * handle omitted sequence numbers as zeroes to handle MIT krb5 that
+   cannot generate zero sequence numbers
+
+ * handle v4 /.k files better
+
+ * configure/portability fixes
+
+ * fixes in parsing of options to kadmin (sub-)commands
+
+ * handle errors in kadmin load better
+
+ * bug fixes
+
+Changes in release 0.3d
+
+ * add krb5-config
+
+ * fix a bug in 3des gss-api mechanism, making it compatible with the
+   specification and the MIT implementation
+
+ * make telnetd only allow a specific list of environment variables to
+   stop it from setting `sensitive' variables
+
+ * try to use an existing libdes
+
+ * lib/krb5, kdc: use correct usage type for ap-req messages.  This
+   should improve compatability with MIT krb5 when using 3DES
+   encryption types
+
+ * kdc: fix memory allocation problem
+
+ * update config.guess and config.sub
+
+ * lib/roken: more stuff implemented
+
+ * bug fixes and portability enhancements
+
+Changes in release 0.3c
+
+ * lib/krb5: memory caches now support the resolve operation
+
+ * appl/login: set PATH to some sane default
+
+ * kadmind: handle several realms
+
+ * bug fixes (including memory leaks)
+
+Changes in release 0.3b
+
+ * kdc: prefer default-salted keys on v5 requests
+
+ * kdc: lowercase hostnames in v4 mode
+
+ * hprop: handle more types of MIT salts
+
+ * lib/krb5: fix memory leak
+
+ * bug fixes
+
+Changes in release 0.3a:
+
+ * implement arcfour-hmac-md5 to interoperate with W2K
+
+ * modularise the handling of the master key, and allow for other
+   encryption types. This makes it easier to import a database from
+   some other source without having to re-encrypt all keys.
+
+ * allow for better control over which encryption types are created
+
+ * make kinit fallback to v4 if given a v4 KDC
+
+ * make klist work better with v4 and v5, and add some more MIT
+   compatibility options
+
+ * make the kdc listen on the krb524 (4444) port for compatibility
+   with MIT krb5 clients
+
+ * implement more DCE/DFS support, enabled with --enable-dce, see
+   lib/kdfs and appl/dceutils
+
+ * make the sequence numbers work correctly
+
+ * bug fixes
+
+Changes in release 0.2t:
+
+ * bug fixes
+
+Changes in release 0.2s:
+
+ * add OpenLDAP support in hdb
+
+ * login will get v4 tickets when it receives forwarded tickets
+
+ * xnlock supports both v5 and v4
+
+ * repair source routing for telnet
+
+ * fix building problems with krb4 (krb_mk_req)
+
+ * bug fixes
+
+Changes in release 0.2r:
+
+ * fix realloc memory corruption bug in kdc
+
+ * `add --key' and `cpw --key' in kadmin
+
+ * klist supports listing v4 tickets
+
+ * update config.guess and config.sub
+
+ * make v4 -> v5 principal name conversion more robust
+
+ * support for anonymous tickets
+
+ * new man-pages
+
+ * telnetd: do not negotiate KERBEROS5 authentication if there's no keytab.
+
+ * use and set expiration and not password expiration when dumping
+   to/from ka server databases / krb4 databases
+
+ * make the code happier with 64-bit time_t
+
+ * follow RFC2782 and by default do not look for non-underscore SRV names
+
+Changes in release 0.2q:
+
+ * bug fix in tcp-handling in kdc
+
+ * bug fix in expand_hostname
+
+Changes in release 0.2p:
+
+ * bug fix in `kadmin load/merge'
+
+ * bug fix in krb5_parse_address
+
+Changes in release 0.2o:
+
+ * gss_{import,export}_sec_context added to libgssapi
+
+ * new option --addresses to kdc (for listening on an explicit set of
+   addresses)
+
+ * bug fixes in the krb4 and kaserver emulation part of the kdc
+
+ * other bug fixes
+
+Changes in release 0.2n:
+
+ * more robust parsing of dump files in kadmin
+ * changed default timestamp format for log messages to extended ISO
+   8601 format (Y-M-DTH:M:S)
+ * changed md4/md5/sha1 APIes to be de-facto `standard'
+ * always make hostname into lower-case before creating principal
+ * small bits of more MIT-compatability
+ * bug fixes
+
+Changes in release 0.2m:
+
+ * handle glibc's getaddrinfo() that returns several ai_canonname
+
+ * new endian test
+
+ * man pages fixes
+
+Changes in release 0.2l:
+
+ * bug fixes
+
+Changes in release 0.2k:
+
+ * better IPv6 test
+
+ * make struct sockaddr_storage in roken work better on alphas
+
+ * some missing [hn]to[hn]s fixed.
+
+ * allow users to change their own passwords with kadmin (with initial
+   tickets)
+
+ * fix stupid bug in parsing KDC specification
+
+ * add `ktutil change' and `ktutil purge'
+
+Changes in release 0.2j:
+
+ * builds on Irix
+
+ * ftpd works in passive mode
+
+ * should build on cygwin
+
+ * work around broken IPv6-code on OpenBSD 2.6, also add configure
+   option --disable-ipv6
+
+Changes in release 0.2i:
+
+ * use getaddrinfo in the missing places.
+
+ * fix SRV lookup for admin server
+
+ * use get{addr,name}info everywhere.  and implement it in terms of
+   getipnodeby{name,addr} (which uses gethostbyname{,2} and
+   gethostbyaddr)
+
+Changes in release 0.2h:
+
+ * fix typo in kx (now compiles)
+
+Changes in release 0.2g:
+
+ * lots of bug fixes:
+   * push works
+   * repair appl/test programs
+   * sockaddr_storage works on solaris (alignment issues)
+   * works better with non-roken getaddrinfo
+   * rsh works
+   * some non standard C constructs removed
+
+Changes in release 0.2f:
+
+ * support SRV records for kpasswd
+ * look for both _kerberos and krb5-realm when doing host -> realm mapping
+
+Changes in release 0.2e:
+
+ * changed copyright notices to remove `advertising'-clause.
+ * get{addr,name}info added to roken and used in the other code
+   (this makes things work much better with hosts with both v4 and v6
+    addresses, among other things)
+ * do pre-auth for both password and key-based get_in_tkt
+ * support for having several databases
+ * new command `del_enctype' in kadmin
+ * strptime (and new strftime) add to roken
+ * more paranoia about finding libdb
+ * bug fixes
+
+Changes in release 0.2d:
+
+ * new configuration option [libdefaults]default_etypes_des
+ * internal ls in ftpd builds without KRB4
+ * kx/rsh/push/pop_debug tries v5 and v4 consistenly
+ * build bug fixes
+ * other bug fixes
+
+Changes in release 0.2c:
+
+ * bug fixes (see ChangeLog's for details)
+
+Changes in release 0.2b:
+
+ * bug fixes
+ * actually bump shared library versions
+
+Changes in release 0.2a:
+
+ * a new program verify_krb5_conf for checking your /etc/krb5.conf
+ * add 3DES keys when changing password
+ * support null keys in database
+ * support multiple local realms
+ * implement a keytab backend for AFS KeyFile's
+ * implement a keytab backend for v4 srvtabs
+ * implement `ktutil copy'
+ * support password quality control in v4 kadmind
+ * improvements in v4 compat kadmind
+ * handle the case of having the correct cred in the ccache but with
+   the wrong encryption type better
+ * v6-ify the remaining programs.
+ * internal ls in ftpd
+ * rename strcpy_truncate/strcat_truncate to strlcpy/strlcat
+ * add `ank --random-password' and `cpw --random-password' in kadmin
+ * some programs and documentation for trying to talk to a W2K KDC
+ * bug fixes
+
+Changes in release 0.1m:
+
+ * support for getting default from krb5.conf for kinit/kf/rsh/telnet.
+   From Miroslav Ruda <ruda@ics.muni.cz>
+ * v6-ify hprop and hpropd
+ * support numeric addresses in krb5_mk_req
+ * shadow support in login and su. From Miroslav Ruda <ruda@ics.muni.cz>
+ * make rsh/rshd IPv6-aware
+ * make the gssapi sample applications better at reporting errors
+ * lots of bug fixes
+ * handle systems with v6-aware libc and non-v6 kernels (like Linux
+   with glibc 2.1) better
+ * hide failure of ERPT in ftp
+ * lots of bug fixes
+
+Changes in release 0.1l:
+
+ * make ftp and ftpd IPv6-aware
+ * add inet_pton to roken
+ * more IPv6-awareness
+ * make mini_inetd v6 aware
+
+Changes in release 0.1k:
+
+ * bump shared libraries versions
+ * add roken version of inet_ntop
+ * merge more changes to rshd
+
+Changes in release 0.1j:
+
+ * restore back to the `old' 3DES code.  This was supposed to be done
+   in 0.1h and 0.1i but I did a CVS screw-up.
+ * make telnetd handle v6 connections
+
+Changes in release 0.1i:
+
+ * start using `struct sockaddr_storage' which simplifies the code
+   (with a fallback definition if it's not defined)
+ * bug fixes (including in hprop and kf)
+ * don't use mawk which seems to mishandle roken.awk
+ * get_addrs should be able to handle v6 addresses on Linux (with the
+   required patch to the Linux kernel -- ask within)
+ * rshd builds with shadow passwords
+
+Changes in release 0.1h:
+
+ * kf: new program for forwarding credentials
+ * portability fixes
+ * make forwarding credentials work with MIT code
+ * better conversion of ka database
+ * add etc/services.append
+ * correct `modified by' from kpasswdd
+ * lots of bug fixes
+
+Changes in release 0.1g:
+
+ * kgetcred: new program for explicitly obtaining tickets
+ * configure fixes
+ * krb5-aware kx
+ * bug fixes
+
+Changes in release 0.1f;
+
+ * experimental support for v4 kadmin protokoll in kadmind
+ * bug fixes
+
+Changes in release 0.1e:
+
+ * try to handle old DCE and MIT kdcs
+ * support for older versions of credential cache files and keytabs
+ * postdated tickets work
+ * support for password quality checks in kpasswdd
+ * new flag --enable-kaserver for kdc
+ * renew fixes
+ * prototype su program
+ * updated (some) manpages
+ * support for KDC resource records
+ * should build with --without-krb4
+ * bug fixes
+
+Changes in release 0.1d:
+
+ * Support building with DB2 (uses 1.85-compat API)
+ * Support krb5-realm.DOMAIN in DNS
+ * new `ktutil srvcreate'
+ * v4/kafs support in klist/kdestroy
+ * bug fixes
+
+Changes in release 0.1c:
+
+ * fix ASN.1 encoding of signed integers
+ * somewhat working `ktutil get'
+ * some documentation updates
+ * update to Autoconf 2.13 and Automake 1.4
+ * the usual bug fixes
+
+Changes in release 0.1b:
+
+ * some old -> new crypto conversion utils
+ * bug fixes
+
+Changes in release 0.1a:
+
+ * new crypto code
+ * more bug fixes
+ * make sure we ask for DES keys in gssapi
+ * support signed ints in ASN1
+ * IPv6-bug fixes
+
+Changes in release 0.0u:
+
+ * lots of bug fixes
+
+Changes in release 0.0t:
+
+ * more robust parsing of krb5.conf
+ * include net{read,write} in lib/roken
+ * bug fixes
+
+Changes in release 0.0s:
+
+ * kludges for parsing options to rsh
+ * more robust parsing of krb5.conf
+ * removed some arbitrary limits
+ * bug fixes
+
+Changes in release 0.0r:
+
+ * default options for some programs
+ * bug fixes
+
+Changes in release 0.0q:
+
+ * support for building shared libraries with libtool
+ * bug fixes
+
+Changes in release 0.0p:
+
+ * keytab moved to /etc/krb5.keytab
+ * avoid false detection of IPv6 on Linux
+ * Lots of more functionality in the gssapi-library
+ * hprop can now read ka-server databases
+ * bug fixes
+
+Changes in release 0.0o:
+
+ * FTP with GSSAPI support.
+ * Bug fixes.
+
+Changes in release 0.0n:
+
+ * Incremental database propagation.
+ * Somewhat improved kadmin ui; the stuff in admin is now removed.
+ * Some support for using enctypes instead of keytypes.
+ * Lots of other improvement and bug fixes, see ChangeLog for details.

crypto/external/bsd/heimdal/dist/NTMakefile

@@ -0,0 +1,42 @@
+########################################################################
+#
+# Copyright (c) 2009, Secure Endpoints Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# - Redistributions of source code must retain the above copyright
+#   notice, this list of conditions and the following disclaimer.
+#
+# - Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in
+#   the documentation and/or other materials provided with the
+#   distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+#
+
+!if exist(thirdparty/NTMakefile)
+thirdparty=thirdparty
+!endif
+
+SUBDIRS = include lib\roken base lib kuser kdc admin kadmin kpasswd appl doc \
+	tools tests packages etc $(thirdparty) packages\windows\installer
+
+!include windows/NTMakefile.w32
+
+all::
+	@echo Build finished succesfully

crypto/external/bsd/heimdal/dist/README

@@ -0,0 +1,18 @@
+
+Heimdal is a Kerberos 5 implementation.
+
+For information how to install see <http://www.h5l.org/compile.html>.
+
+There are briefer man pages for most of the commands.
+
+Bug reports and bugs are appreciated, see more under Bug reports in
+the manual on how we prefer them: <heimdal-bugs@h5l.org>.
+
+For more information see the web-page at
+<http://www.h5l.org/> or the mailing lists:
+
+heimdal-announce@sics.se	low-volume announcement
+heimdal-discuss@sics.se		high-volume discussion
+
+send a mail to heimdal-announce-request@sics.se and
+heimdal-discuss-request@sics.se respectively to subscribe.

crypto/external/bsd/heimdal/dist/TODO

@@ -0,0 +1,30 @@
+-*- indented-text -*-
+
+** lib/gssapi
+
+cache delegation credentials to avoid hitting the kdc ?  require time
+stampless tickets, and was supported in the recv'ing end with 0.6.1.
+
+make iov work for arcfour
+
+make iov work for ntlm
+
+interop test
+
+make TYPE_STREAM work
+
+** lib/kadm5
+
+add policies?
+
+** lib/krb5
+
+verify_user: handle non-secure verification failing because of
+host->realm mapping
+
+* windows stuff
+
+-- drop all double negation #ifndef NO_
+-- got though windows specific ifdefs to minimized them
+-- switch to use heim-ipc for services, like the kadmin change notification socket
+-- Unify lib/krb5/expand_path_w32.c

crypto/external/bsd/heimdal/dist/acinclude.m4

@@ -0,0 +1,9 @@
+dnl Id
+dnl
+dnl Only put things that for some reason can't live in the `cf'
+dnl directory in this file.
+dnl
+
+dnl $xId: misc.m4,v 1.1 1997/12/14 15:59:04 joda Exp $
+dnl
+m4_define([upcase],`echo $1 | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`)dnl

crypto/external/bsd/heimdal/dist/admin/ChangeLog

@@ -0,0 +1,70 @@
+2006-10-07  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* Makefile.am: Add man_MANS to EXTRA_DIST
+
+	* Makefile.am: split build files into dist_ and noinst_ SOURCES
+	
+2005-07-07  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* ktutil.c: rename optind to optidx
+
+	* list.c: make a copy of realm and admin_server to avoid
+	un-consting avoid shadowing
+
+	* get.c: make a copy of realm and admin_server to avoid
+	un-consting avoid shadowing
+	
+	* change.c (change_entry): just use global context to avoid
+	shadowing; make a copy of realm and admin_server to avoid
+	un-consting.
+
+2005-05-19  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* change.c (kt_change): plug memory leak from
+	krb5_kt_remove_entry, print principal on error.
+
+2005-05-02  Dave Love  <d.love@dl.ac.uk>
+
+	* ktutil.c (help): Don't use non-constant initializer for `fake'.
+
+2005-04-15  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* ktutil_locl.h: include <hex.h>
+
+2005-04-14  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* add.c: add option -H --hex to the add command
+	
+	* ktutil-commands.in: add option -H --hex to the add command
+	
+	* ktutil.8: document option -H --hex to the add command
+
+2004-09-29  Love Hörnquist Åstrand  <lha@it.su.se>
+
+	* list.c: un c99'ify, from Anders.Magnusson@ltu.se
+
+2004-09-23 Johan Danielsson <joda@pdc.kth.se>
+
+	* purge.c: convert to slc; don't purge keys older that a certain
+	time, instead purge keys that have newer versions that are at
+	least a certain age
+
+	* rename.c: convert to slc
+	
+	* remove.c: convert to slc
+	
+	* get.c: convert to slc; warn if resetting disallow-all-tix
+	
+	* copy.c: convert to slc
+	
+	* change.c: convert to slc
+	
+	* add.c: convert to slc
+	
+	* list.c: convert to slc
+	
+	* ktutil_locl.h: convert to slc
+	
+	* ktutil.c: convert to slc
+	
+	* ktutil-commands.in: slc source file

crypto/external/bsd/heimdal/dist/admin/Makefile.am

@@ -0,0 +1,43 @@
+# Id
+
+include $(top_srcdir)/Makefile.am.common
+
+AM_CPPFLAGS += $(INCLUDE_readline) $(INCLUDE_hcrypto)
+
+man_MANS = ktutil.8
+
+sbin_PROGRAMS = ktutil
+
+dist_ktutil_SOURCES =				\
+	add.c					\
+	change.c				\
+	copy.c					\
+	destroy.c				\
+	get.c					\
+	ktutil.c				\
+	ktutil_locl.h				\
+	list.c					\
+	purge.c					\
+	remove.c				\
+	rename.c
+
+nodist_ktutil_SOURCES =				\
+	ktutil-commands.c
+
+$(ktutil_OBJECTS): ktutil-commands.h
+
+CLEANFILES = ktutil-commands.h ktutil-commands.c
+
+ktutil-commands.c ktutil-commands.h: ktutil-commands.in
+	$(SLC) $(srcdir)/ktutil-commands.in
+
+LDADD = \
+	$(top_builddir)/lib/kadm5/libkadm5clnt.la \
+	$(top_builddir)/lib/krb5/libkrb5.la \
+	$(LIB_hcrypto) \
+	$(top_builddir)/lib/asn1/libasn1.la \
+	$(top_builddir)/lib/sl/libsl.la \
+	$(LIB_readline) \
+	$(LIB_roken)
+
+EXTRA_DIST = $(man_MANS) ktutil-commands.in

crypto/external/bsd/heimdal/dist/admin/NTMakefile

@@ -0,0 +1,74 @@
+########################################################################
+#
+# Copyright (c) 2009, Secure Endpoints Inc.
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 
+# - Redistributions of source code must retain the above copyright
+#   notice, this list of conditions and the following disclaimer.
+# 
+# - Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in
+#   the documentation and/or other materials provided with the
+#   distribution.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# 
+
+RELDIR=admin 
+cincdirs=$(cincdirs) -I$(OBJ)
+!include ../windows/NTMakefile.w32 
+
+SBINPROGRAMS=$(SBINDIR)\ktutil.exe
+
+KTUTIL_OBJS= \
+	$(OBJ)\add.obj		\
+	$(OBJ)\change.obj	\
+	$(OBJ)\copy.obj		\
+	$(OBJ)\destroy.obj	\
+	$(OBJ)\get.obj		\
+	$(OBJ)\ktutil.obj	\
+	$(OBJ)\ktutil-commands.obj	\
+	$(OBJ)\list.obj		\
+	$(OBJ)\purge.obj	\
+	$(OBJ)\remove.obj	\
+	$(OBJ)\rename.obj
+
+KTUTIL_LIBS= \
+	$(LIBHEIMDAL)	\
+	$(LIBKADM5SRV)	\
+	$(LIBSL)	\
+	$(LIBROKEN)	\
+	$(LIBVERS)
+
+$(SBINDIR)\ktutil.exe: $(KTUTIL_OBJS) $(KTUTIL_LIBS) $(OBJ)\ktutil-version.res
+	$(EXECONLINK)
+	$(EXEPREP)
+
+$(OBJ)\ktutil-commands.c $(OBJ)\ktutil-commands.h: ktutil-commands.in
+	cd $(OBJ)
+	$(CP) $(SRCDIR)\ktutil-commands.in $(OBJ)
+	$(BINDIR)\slc.exe ktutil-commands.in
+	cd $(SRCDIR)
+
+INCFILES=\
+	$(OBJ)\ktutil-commands.h
+
+all:: $(INCFILES) $(SBINPROGRAMS)
+
+clean::
+	-$(RM) $(SBINPROGRAMS:.exe=.*)

crypto/external/bsd/heimdal/dist/admin/add.c

@@ -0,0 +1,159 @@
+/*	$NetBSD: add.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $	*/
+
+/*
+ * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ktutil_locl.h"
+
+__RCSID("$NetBSD: add.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $");
+
+static char *
+readstring(const char *prompt, char *buf, size_t len)
+{
+    printf("%s", prompt);
+    if (fgets(buf, len, stdin) == NULL)
+	return NULL;
+    buf[strcspn(buf, "\r\n")] = '\0';
+    return buf;
+}
+
+int
+kt_add(struct add_options *opt, int argc, char **argv)
+{
+    krb5_error_code ret;
+    krb5_keytab keytab;
+    krb5_keytab_entry entry;
+    char buf[1024];
+    krb5_enctype enctype;
+
+    if((keytab = ktutil_open_keytab()) == NULL)
+	return 1;
+
+    memset(&entry, 0, sizeof(entry));
+    if(opt->principal_string == NULL) {
+	if(readstring("Principal: ", buf, sizeof(buf)) == NULL)
+	    return 1;
+	opt->principal_string = buf;
+    }
+    ret = krb5_parse_name(context, opt->principal_string, &entry.principal);
+    if(ret) {
+	krb5_warn(context, ret, "%s", opt->principal_string);
+	goto out;
+    }
+    if(opt->enctype_string == NULL) {
+	if(readstring("Encryption type: ", buf, sizeof(buf)) == NULL) {
+	    ret = 1;
+	    goto out;
+	}
+	opt->enctype_string = buf;
+    }
+    ret = krb5_string_to_enctype(context, opt->enctype_string, &enctype);
+    if(ret) {
+	int t;
+	if(sscanf(opt->enctype_string, "%d", &t) == 1)
+	    enctype = t;
+	else {
+	    krb5_warn(context, ret, "%s", opt->enctype_string);
+	    goto out;
+	}
+    }
+    if(opt->kvno_integer == -1) {
+	if(readstring("Key version: ", buf, sizeof(buf)) == NULL) {
+	    ret = 1;
+	    goto out;
+	}
+	if(sscanf(buf, "%u", &opt->kvno_integer) != 1)
+	    goto out;
+    }
+    if(opt->password_string == NULL && opt->random_flag == 0) {
+	if(UI_UTIL_read_pw_string(buf, sizeof(buf), "Password: ", 1)) {
+	    ret = 1;
+	    goto out;
+	}
+	opt->password_string = buf;
+    }
+    if(opt->password_string) {
+	if (opt->hex_flag) {
+	    size_t len;
+	    void *data;
+	
+	    len = (strlen(opt->password_string) + 1) / 2;
+
+	    data = malloc(len);
+	    if (data == NULL) {
+		krb5_warn(context, ENOMEM, "malloc");
+		goto out;
+	    }
+
+	    if (hex_decode(opt->password_string, data, len) != len) {
+		free(data);
+		krb5_warn(context, ENOMEM, "hex decode failed");
+		goto out;
+	    }
+
+	    ret = krb5_keyblock_init(context, enctype,
+				     data, len, &entry.keyblock);
+	    free(data);
+	} else if (!opt->salt_flag) {
+	    krb5_salt salt;
+	    krb5_data pw;
+
+	    salt.salttype         = KRB5_PW_SALT;
+	    salt.saltvalue.data   = NULL;
+	    salt.saltvalue.length = 0;
+	    pw.data = (void*)opt->password_string;
+	    pw.length = strlen(opt->password_string);
+	    ret = krb5_string_to_key_data_salt(context, enctype, pw, salt,
+					       &entry.keyblock);
+        } else {
+	    ret = krb5_string_to_key(context, enctype, opt->password_string,
+				     entry.principal, &entry.keyblock);
+	}
+	memset (opt->password_string, 0, strlen(opt->password_string));
+    } else {
+	ret = krb5_generate_random_keyblock(context, enctype, &entry.keyblock);
+    }
+    if(ret) {
+	krb5_warn(context, ret, "add");
+	goto out;
+    }
+    entry.vno = opt->kvno_integer;
+    entry.timestamp = time (NULL);
+    ret = krb5_kt_add_entry(context, keytab, &entry);
+    if(ret)
+	krb5_warn(context, ret, "add");
+ out:
+    krb5_kt_free_entry(context, &entry);
+    krb5_kt_close(context, keytab);
+    return ret != 0;
+}

crypto/external/bsd/heimdal/dist/admin/change.c

@@ -0,0 +1,254 @@
+/*	$NetBSD: change.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $	*/
+
+/*
+ * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ktutil_locl.h"
+
+__RCSID("$NetBSD: change.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $");
+
+static krb5_error_code
+change_entry (krb5_keytab keytab,
+	      krb5_principal principal, krb5_kvno kvno,
+	      const char *realm, const char *admin_server, int server_port)
+{
+    krb5_error_code ret;
+    kadm5_config_params conf;
+    void *kadm_handle;
+    char *client_name;
+    krb5_keyblock *keys;
+    int num_keys;
+    int i;
+
+    ret = krb5_unparse_name (context, principal, &client_name);
+    if (ret) {
+	krb5_warn (context, ret, "krb5_unparse_name");
+	return ret;
+    }
+
+    memset (&conf, 0, sizeof(conf));
+
+    if(realm == NULL)
+	realm = krb5_principal_get_realm(context, principal);
+    conf.realm = strdup(realm);
+    if (conf.realm == NULL) {
+	free (client_name);
+	krb5_set_error_message(context, ENOMEM, "malloc failed");
+	return ENOMEM;
+    }
+    conf.mask |= KADM5_CONFIG_REALM;
+
+    if (admin_server) {
+	conf.admin_server = strdup(admin_server);
+	if (conf.admin_server == NULL) {
+	    free(client_name);
+	    free(conf.realm);
+	    krb5_set_error_message(context, ENOMEM, "malloc failed");
+	    return ENOMEM;
+	}	
+	conf.mask |= KADM5_CONFIG_ADMIN_SERVER;
+    }
+
+    if (server_port) {
+	conf.kadmind_port = htons(server_port);
+	conf.mask |= KADM5_CONFIG_KADMIND_PORT;
+    }
+
+    ret = kadm5_init_with_skey_ctx (context,
+				    client_name,
+				    keytab_string,
+				    KADM5_ADMIN_SERVICE,
+				    &conf, 0, 0,
+				    &kadm_handle);
+    free(conf.admin_server);
+    free(conf.realm);
+    if (ret) {
+	krb5_warn (context, ret,
+		   "kadm5_c_init_with_skey_ctx: %s:", client_name);
+	free (client_name);
+	return ret;
+    }
+    ret = kadm5_randkey_principal (kadm_handle, principal, &keys, &num_keys);
+    kadm5_destroy (kadm_handle);
+    if (ret) {
+	krb5_warn(context, ret, "kadm5_randkey_principal: %s:", client_name);
+	free (client_name);
+	return ret;
+    }
+    free (client_name);
+    for (i = 0; i < num_keys; ++i) {
+	krb5_keytab_entry new_entry;
+
+	new_entry.principal = principal;
+	new_entry.timestamp = time (NULL);
+	new_entry.vno = kvno + 1;
+	new_entry.keyblock  = keys[i];
+
+	ret = krb5_kt_add_entry (context, keytab, &new_entry);
+	if (ret)
+	    krb5_warn (context, ret, "krb5_kt_add_entry");
+	krb5_free_keyblock_contents (context, &keys[i]);
+    }
+    return ret;
+}
+
+/*
+ * loop over all the entries in the keytab (or those given) and change
+ * their keys, writing the new keys
+ */
+
+struct change_set {
+    krb5_principal principal;
+    krb5_kvno kvno;
+};
+
+int
+kt_change (struct change_options *opt, int argc, char **argv)
+{
+    krb5_error_code ret;
+    krb5_keytab keytab;
+    krb5_kt_cursor cursor;
+    krb5_keytab_entry entry;
+    int i, j, max;
+    struct change_set *changeset;
+    int errors = 0;
+
+    if((keytab = ktutil_open_keytab()) == NULL)
+	return 1;
+
+    j = 0;
+    max = 0;
+    changeset = NULL;
+
+    ret = krb5_kt_start_seq_get(context, keytab, &cursor);
+    if(ret){
+	krb5_warn(context, ret, "%s", keytab_string);
+	goto out;
+    }
+
+    while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0) {
+	int add = 0;
+
+	for (i = 0; i < j; ++i) {
+	    if (krb5_principal_compare (context, changeset[i].principal,
+					entry.principal)) {
+		if (changeset[i].kvno < entry.vno)
+		    changeset[i].kvno = entry.vno;
+		break;
+	    }
+	}
+	if (i < j) {
+	    krb5_kt_free_entry (context, &entry);
+	    continue;
+	}
+
+	if (argc == 0) {
+	    add = 1;
+	} else {
+	    for (i = 0; i < argc; ++i) {
+		krb5_principal princ;
+
+		ret = krb5_parse_name (context, argv[i], &princ);
+		if (ret) {
+		    krb5_warn (context, ret, "%s", argv[i]);
+		    continue;
+		}
+		if (krb5_principal_compare (context, princ, entry.principal))
+		    add = 1;
+
+		krb5_free_principal (context, princ);
+	    }
+	}
+
+	if (add) {
+	    if (j >= max) {
+		void *tmp;
+
+		max = max(max * 2, 1);
+		tmp = realloc (changeset, max * sizeof(*changeset));
+		if (tmp == NULL) {
+		    krb5_kt_free_entry (context, &entry);
+		    krb5_warnx (context, "realloc: out of memory");
+		    ret = ENOMEM;
+		    break;
+		}
+		changeset = tmp;
+	    }
+	    ret = krb5_copy_principal (context, entry.principal,
+				       &changeset[j].principal);
+	    if (ret) {
+		krb5_warn (context, ret, "krb5_copy_principal");
+		krb5_kt_free_entry (context, &entry);
+		break;
+	    }
+	    changeset[j].kvno = entry.vno;
+	    ++j;
+	}
+	krb5_kt_free_entry (context, &entry);
+    }
+    krb5_kt_end_seq_get(context, keytab, &cursor);
+
+    if (ret == KRB5_KT_END) {
+	ret = 0;
+	for (i = 0; i < j; i++) {
+	    if (verbose_flag) {
+		char *client_name;
+
+		ret = krb5_unparse_name (context, changeset[i].principal,
+					 &client_name);
+		if (ret) {
+		    krb5_warn (context, ret, "krb5_unparse_name");
+		} else {
+		    printf("Changing %s kvno %d\n",
+			   client_name, changeset[i].kvno);
+		    free(client_name);
+		}
+	    }
+	    ret = change_entry (keytab,
+				changeset[i].principal, changeset[i].kvno,
+				opt->realm_string,
+				opt->admin_server_string,
+				opt->server_port_integer);
+	    if (ret != 0)
+		errors = 1;
+	}
+    } else
+	errors = 1;
+    for (i = 0; i < j; i++)
+	krb5_free_principal (context, changeset[i].principal);
+    free (changeset);
+
+ out:
+    krb5_kt_close(context, keytab);
+    return errors;
+}

crypto/external/bsd/heimdal/dist/admin/copy.c

@@ -0,0 +1,145 @@
+/*	$NetBSD: copy.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $	*/
+
+/*
+ * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ktutil_locl.h"
+
+__RCSID("$NetBSD: copy.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $");
+
+
+static krb5_boolean
+compare_keyblock(const krb5_keyblock *a, const krb5_keyblock *b)
+{
+    if(a->keytype != b->keytype ||
+       a->keyvalue.length != b->keyvalue.length ||
+       memcmp(a->keyvalue.data, b->keyvalue.data, a->keyvalue.length) != 0)
+	return FALSE;
+    return TRUE;
+}
+
+int
+kt_copy (void *opt, int argc, char **argv)
+{
+    krb5_error_code ret;
+    krb5_keytab src_keytab, dst_keytab;
+    krb5_kt_cursor cursor;
+    krb5_keytab_entry entry, dummy;
+    const char *from = argv[0];
+    const char *to = argv[1];
+
+    ret = krb5_kt_resolve (context, from, &src_keytab);
+    if (ret) {
+	krb5_warn (context, ret, "resolving src keytab `%s'", from);
+	return 1;
+    }
+
+    ret = krb5_kt_resolve (context, to, &dst_keytab);
+    if (ret) {
+	krb5_kt_close (context, src_keytab);
+	krb5_warn (context, ret, "resolving dst keytab `%s'", to);
+	return 1;
+    }
+
+    ret = krb5_kt_start_seq_get (context, src_keytab, &cursor);
+    if (ret) {
+	krb5_warn (context, ret, "krb5_kt_start_seq_get %s", keytab_string);
+	goto out;
+    }
+
+    if (verbose_flag)
+	fprintf(stderr, "copying %s to %s\n", from, to);
+
+    while((ret = krb5_kt_next_entry(context, src_keytab,
+				    &entry, &cursor)) == 0) {
+	char *name_str;
+	char *etype_str;
+	ret = krb5_unparse_name (context, entry.principal, &name_str);
+	if(ret) {
+	    krb5_warn(context, ret, "krb5_unparse_name");
+	    name_str = NULL; /* XXX */
+	}
+	ret = krb5_enctype_to_string(context, entry.keyblock.keytype, &etype_str);
+	if(ret) {
+	    krb5_warn(context, ret, "krb5_enctype_to_string");
+	    etype_str = NULL; /* XXX */
+	}
+	ret = krb5_kt_get_entry(context, dst_keytab,
+				entry.principal,
+				entry.vno,
+				entry.keyblock.keytype,
+				&dummy);
+	if(ret == 0) {
+	    /* this entry is already in the new keytab, so no need to
+               copy it; if the keyblocks are not the same, something
+               is weird, so complain about that */
+	    if(!compare_keyblock(&entry.keyblock, &dummy.keyblock)) {
+		krb5_warnx(context, "entry with different keyvalue "
+			   "already exists for %s, keytype %s, kvno %d",
+			   name_str, etype_str, entry.vno);
+	    }
+	    krb5_kt_free_entry(context, &dummy);
+	    krb5_kt_free_entry (context, &entry);
+	    free(name_str);
+	    free(etype_str);
+	    continue;
+	} else if(ret != KRB5_KT_NOTFOUND) {
+	    krb5_warn (context, ret, "%s: fetching %s/%s/%u",
+		       to, name_str, etype_str, entry.vno);
+	    krb5_kt_free_entry (context, &entry);
+	    free(name_str);
+	    free(etype_str);
+	    break;
+	}
+	if (verbose_flag)
+	    fprintf (stderr, "copying %s, keytype %s, kvno %d\n", name_str,
+		     etype_str, entry.vno);
+	ret = krb5_kt_add_entry (context, dst_keytab, &entry);
+	krb5_kt_free_entry (context, &entry);
+	if (ret) {
+	    krb5_warn (context, ret, "%s: adding %s/%s/%u",
+		       to, name_str, etype_str, entry.vno);
+	    free(name_str);
+	    free(etype_str);
+	    break;
+	}
+	free(name_str);
+	free(etype_str);
+    }
+    krb5_kt_end_seq_get (context, src_keytab, &cursor);
+
+  out:
+    krb5_kt_close (context, src_keytab);
+    krb5_kt_close (context, dst_keytab);
+    return ret != 0;
+}

crypto/external/bsd/heimdal/dist/admin/destroy.c

@@ -0,0 +1,54 @@
+/*	$NetBSD: destroy.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $	*/
+
+/*
+ * Copyright (c) 2009 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ktutil_locl.h"
+
+int
+kt_destroy (void *opt, int argc, char **argv)
+{
+    krb5_error_code ret;
+    krb5_keytab keytab;
+
+    if((keytab = ktutil_open_keytab()) == NULL)
+	return 1;
+
+    ret = krb5_kt_destroy (context, keytab);
+    if (ret) {
+	krb5_warn (context, ret, "destroy keytab failed");
+	return 1;
+    }
+
+    return 0;
+}

crypto/external/bsd/heimdal/dist/admin/get.c

@@ -0,0 +1,240 @@
+/*	$NetBSD: get.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $	*/
+
+/*
+ * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ktutil_locl.h"
+
+__RCSID("$NetBSD: get.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $");
+
+static void*
+open_kadmin_connection(char *principal,
+		       const char *realm,
+		       char *admin_server,
+		       int server_port)
+{
+    static kadm5_config_params conf;
+    krb5_error_code ret;
+    void *kadm_handle;
+    memset(&conf, 0, sizeof(conf));
+
+    if(realm) {
+	conf.realm = strdup(realm);
+	if (conf.realm == NULL) {
+	    krb5_set_error_message(context, 0, "malloc: out of memory");
+	    return NULL;
+	}
+	conf.mask |= KADM5_CONFIG_REALM;
+    }
+
+    if (admin_server) {
+	conf.admin_server = admin_server;
+	conf.mask |= KADM5_CONFIG_ADMIN_SERVER;
+    }
+
+    if (server_port) {
+	conf.kadmind_port = htons(server_port);
+	conf.mask |= KADM5_CONFIG_KADMIND_PORT;
+    }
+
+    /* should get realm from each principal, instead of doing
+       everything with the same (local) realm */
+
+    ret = kadm5_init_with_password_ctx(context,
+				       principal,
+				       NULL,
+				       KADM5_ADMIN_SERVICE,
+				       &conf, 0, 0,
+				       &kadm_handle);
+    free(conf.realm);
+    if(ret) {
+	krb5_warn(context, ret, "kadm5_init_with_password");
+	return NULL;
+    }
+    return kadm_handle;
+}
+
+int
+kt_get(struct get_options *opt, int argc, char **argv)
+{
+    krb5_error_code ret = 0;
+    krb5_keytab keytab;
+    void *kadm_handle = NULL;
+    krb5_enctype *etypes = NULL;
+    size_t netypes = 0;
+    int i, j;
+    unsigned int failed = 0;
+
+    if((keytab = ktutil_open_keytab()) == NULL)
+	return 1;
+
+    if(opt->realm_string)
+	krb5_set_default_realm(context, opt->realm_string);
+
+    if (opt->enctypes_strings.num_strings != 0) {
+
+	etypes = malloc (opt->enctypes_strings.num_strings * sizeof(*etypes));
+	if (etypes == NULL) {
+	    krb5_warnx(context, "malloc failed");
+	    goto out;
+	}
+	netypes = opt->enctypes_strings.num_strings;
+	for(i = 0; i < netypes; i++) {
+	    ret = krb5_string_to_enctype(context,
+					 opt->enctypes_strings.strings[i],
+					 &etypes[i]);
+	    if(ret) {
+		krb5_warnx(context, "unrecognized enctype: %s",
+			   opt->enctypes_strings.strings[i]);
+		goto out;
+	    }
+	}
+    }
+
+
+    for(i = 0; i < argc; i++){
+	krb5_principal princ_ent;
+	kadm5_principal_ent_rec princ;
+	int mask = 0;
+	krb5_keyblock *keys;
+	int n_keys;
+	int created = 0;
+	krb5_keytab_entry entry;
+
+	ret = krb5_parse_name(context, argv[i], &princ_ent);
+	if (ret) {
+	    krb5_warn(context, ret, "can't parse principal %s", argv[i]);
+	    failed++;
+	    continue;
+	}
+	memset(&princ, 0, sizeof(princ));
+	princ.principal = princ_ent;
+	mask |= KADM5_PRINCIPAL;
+	princ.attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
+	mask |= KADM5_ATTRIBUTES;
+	princ.princ_expire_time = 0;
+	mask |= KADM5_PRINC_EXPIRE_TIME;
+
+	if(kadm_handle == NULL) {
+	    const char *r;
+	    if(opt->realm_string != NULL)
+		r = opt->realm_string;
+	    else
+		r = krb5_principal_get_realm(context, princ_ent);
+	    kadm_handle = open_kadmin_connection(opt->principal_string,
+						 r,
+						 opt->admin_server_string,
+						 opt->server_port_integer);
+	    if(kadm_handle == NULL)
+		break;
+	}
+	
+	ret = kadm5_create_principal(kadm_handle, &princ, mask, "x");
+	if(ret == 0)
+	    created = 1;
+	else if(ret != KADM5_DUP) {
+	    krb5_warn(context, ret, "kadm5_create_principal(%s)", argv[i]);
+	    krb5_free_principal(context, princ_ent);
+	    failed++;
+	    continue;
+	}
+	ret = kadm5_randkey_principal(kadm_handle, princ_ent, &keys, &n_keys);
+	if (ret) {
+	    krb5_warn(context, ret, "kadm5_randkey_principal(%s)", argv[i]);
+	    krb5_free_principal(context, princ_ent);
+	    failed++;
+	    continue;
+	}
+	
+	ret = kadm5_get_principal(kadm_handle, princ_ent, &princ,
+			      KADM5_PRINCIPAL | KADM5_KVNO | KADM5_ATTRIBUTES);
+	if (ret) {
+	    krb5_warn(context, ret, "kadm5_get_principal(%s)", argv[i]);
+	    for (j = 0; j < n_keys; j++)
+		krb5_free_keyblock_contents(context, &keys[j]);
+	    krb5_free_principal(context, princ_ent);
+	    failed++;
+	    continue;
+	}
+	if(!created && (princ.attributes & KRB5_KDB_DISALLOW_ALL_TIX))
+	    krb5_warnx(context, "%s: disallow-all-tix flag set - clearing", argv[i]);
+	princ.attributes &= (~KRB5_KDB_DISALLOW_ALL_TIX);
+	mask = KADM5_ATTRIBUTES;
+	if(created) {
+	    princ.kvno = 1;
+	    mask |= KADM5_KVNO;
+	}
+	ret = kadm5_modify_principal(kadm_handle, &princ, mask);
+	if (ret) {
+	    krb5_warn(context, ret, "kadm5_modify_principal(%s)", argv[i]);
+	    for (j = 0; j < n_keys; j++)
+		krb5_free_keyblock_contents(context, &keys[j]);
+	    krb5_free_principal(context, princ_ent);
+	    failed++;
+	    continue;
+	}
+	for(j = 0; j < n_keys; j++) {
+	    int do_add = TRUE;
+
+	    if (netypes) {
+		int k;
+
+		do_add = FALSE;
+		for (k = 0; k < netypes; ++k)
+		    if (keys[j].keytype == etypes[k]) {
+			do_add = TRUE;
+			break;
+		    }
+	    }
+	    if (do_add) {
+		entry.principal = princ_ent;
+		entry.vno = princ.kvno;
+		entry.keyblock = keys[j];
+		entry.timestamp = time (NULL);
+		ret = krb5_kt_add_entry(context, keytab, &entry);
+		if (ret)
+		    krb5_warn(context, ret, "krb5_kt_add_entry");
+	    }
+	    krb5_free_keyblock_contents(context, &keys[j]);
+	}
+	
+	kadm5_free_principal_ent(kadm_handle, &princ);
+	krb5_free_principal(context, princ_ent);
+    }
+ out:
+    free(etypes);
+    if (kadm_handle)
+	kadm5_destroy(kadm_handle);
+    krb5_kt_close(context, keytab);
+    return ret != 0 || failed > 0;
+}

crypto/external/bsd/heimdal/dist/admin/ktutil-commands.in

@@ -0,0 +1,247 @@
+/*
+ * Copyright (c) 2004 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+/* Id */
+
+command = {
+	name = "add"
+	option = {
+		long = "principal"
+		short = "p"
+		type = "string"
+		help = "principal to add"
+		argument = "principal"
+		default = ""
+	}
+	option = {
+		long = "kvno"
+		short = "V"
+		type = "integer"
+		help = "key version number"
+		default = "-1"
+	}
+	option = {
+		long = "enctype"
+		short = "e"
+		type = "string"
+		argument = "enctype"
+		help = "encryption type"
+	}
+	option = {
+		long = "password"
+		short = "w"
+		type = "string"
+		help = "password for key"
+	}
+	option = {
+		long = "salt"
+		short = "s"
+		type = "-flag"
+		help = "use unsalted keys"
+		default = "1"
+	}
+	option = {
+		long = "random"
+		short = "r"
+		type = "flag"
+		help = "generate random key"
+	}
+	option = {
+		long = "hex"
+		short = "H"
+		type = "flag"
+		help = "password is a hexadecimal string"
+	}
+	function = "kt_add"
+	help = "Adds a key to a keytab."
+	max_args = "0"
+}
+command = {
+	name = "change"
+	option = {
+		long = "realm"
+		short = "r"
+		type = "string"
+		argument = "realm"
+		help = "realm to use"
+	}
+	option = {
+		long = "admin-server"
+		short = "a"
+		type = "string"
+		argument = "host"
+		help = "server to contact"
+	}
+	option = {
+		long = "server-port"
+		short = "s"
+		type = "integer"
+		argument = "port number"
+		help = "port number on server"
+	}
+	function = "kt_change"
+	argument = "[principal...]"
+	help = "Change keys for specified principals (default all)."
+}
+command = {
+	name = "copy"
+	function = "kt_copy"
+	argument = "source destination"
+	min_args = "2"
+	max_args = "2"
+	help = "Copies one keytab to another."
+}
+command = {
+	name = "get"
+	option = {
+		long = "principal"
+		short = "p"
+		type = "string"
+		help = "admin principal"
+		argument = "principal"
+	}
+	option = {
+		long = "enctypes"
+		short = "e"
+		type = "strings"
+		help = "encryption types to use"
+		argument = "enctype"
+	}
+	option = {
+		long = "realm"
+		short = "r"
+		type = "string"
+		argument = "realm"
+		help = "realm to use"
+	}
+	option = {
+		long = "admin-server"
+		short = "a"
+		type = "string"
+		argument = "host"
+		help = "server to contact"
+	}
+	option = {
+		long = "server-port"
+		short = "s"
+		type = "integer"
+		argument = "port number"
+		help = "port number on server"
+	}
+	function = "kt_get"
+	min_args = "1"
+	argument = "principal..."
+	help = "Change keys for specified principals, and add them to the keytab."
+}
+command = {
+	name = "list"
+	option = {
+		long = "keys"
+		type = "flag"
+		help = "show key values"
+	}
+	option = {
+		long = "timestamp"
+		type = "flag"
+		help = "show timestamps"
+	}
+	max_args = "0"
+	function = "kt_list"
+	help = "Show contents of keytab."
+}
+command = {
+	name = "purge"
+	option = {
+		long = "age"
+		type = "string"
+		help = "age to retiere"
+		default = "1 week";
+		argument = "time"
+	}
+	max_args = "0"
+	function = "kt_purge"
+	help = "Remove superceded keys from keytab."
+}
+command = {
+	name = "remove"
+	name = "delete"
+	option = {
+		long = "principal"
+		short = "p"
+		type = "string"
+		help = "principal to remove"
+		argument = "principal"
+	}
+	option = {
+		long = "kvno"
+		short = "V"
+		type = "integer"
+		help = "key version to remove"
+		argument = "enctype"
+		default = "0"
+	}
+	option = {
+		long = "enctype"
+		short = "e"
+		type = "string"
+		help = "enctype to remove"
+		argument = "enctype"
+	}
+	max_args = "0"
+	function = "kt_remove"
+	help = "Remove keys from keytab."
+}
+command = {
+	name = "rename"
+	function = "kt_rename"
+	argument = "from to"
+	min_args = "2"
+	max_args = "2"
+	help = "Renames an entry in the keytab."
+	option = {
+		long = "delete"
+		type = "-flag"
+		help = "don't delete orignal entry"
+	}
+}
+command = {
+	name = "destroy"
+	function = "kt_destroy"
+	max_args = "0"
+	help = "Destroy (remove) the keytab."
+}
+command = {
+	name = "help"
+	argument = "command"
+	max_args = "1"
+	function = "help"
+}

crypto/external/bsd/heimdal/dist/admin/ktutil-version.rc

@@ -0,0 +1,36 @@
+/***********************************************************************
+ * Copyright (c) 2010, Secure Endpoints Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * - Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ **********************************************************************/
+
+#define RC_FILE_TYPE VFT_APP
+#define RC_FILE_DESC_0409 "Kerberos Keytab Tool"
+#define RC_FILE_ORIG_0409 "ktutil.exe"
+
+#include "../windows/version.rc"

crypto/external/bsd/heimdal/dist/admin/ktutil.8

@@ -0,0 +1,126 @@
+.\"	$NetBSD: ktutil.8,v 1.2 2011/04/14 19:19:19 elric Exp $
+.\"
+.\" Copyright (c) 1997-2004 Kungliga Tekniska Högskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden). 
+.\" All rights reserved. 
+.\"
+.\" Redistribution and use in source and binary forms, with or without 
+.\" modification, are permitted provided that the following conditions 
+.\" are met: 
+.\"
+.\" 1. Redistributions of source code must retain the above copyright 
+.\"    notice, this list of conditions and the following disclaimer. 
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright 
+.\"    notice, this list of conditions and the following disclaimer in the 
+.\"    documentation and/or other materials provided with the distribution. 
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors 
+.\"    may be used to endorse or promote products derived from this software 
+.\"    without specific prior written permission. 
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+.\" SUCH DAMAGE. 
+.\" 
+.\" Id
+.\"
+.Dd April 14, 2005
+.Dt KTUTIL 8
+.Os
+.Sh NAME
+.Nm ktutil
+.Nd manage Kerberos keytabs
+.Sh SYNOPSIS
+.Nm
+.Oo Fl k Ar keytab \*(Ba Xo
+.Fl -keytab= Ns Ar keytab
+.Xc
+.Oc
+.Op Fl v | Fl -verbose
+.Op Fl -version
+.Op Fl h | Fl -help
+.Ar command
+.Op Ar args
+.Sh DESCRIPTION
+.Nm
+is a program for managing keytabs.
+Supported options:
+.Bl -tag -width Ds
+.It Fl v , Fl -verbose
+Verbose output.
+.El
+.Pp
+.Ar command
+can be one of the following:
+.Bl -tag -width srvconvert
+.It add Oo Fl p Ar principal Oc Oo Fl -principal= Ns Ar principal Oc \
+Oo Fl V Ar kvno Oc Oo Fl -kvno= Ns Ar kvno Oc Oo Fl e Ar enctype Oc \
+Oo Fl -enctype= Ns Ar enctype Oc Oo Fl w Ar password Oc \
+Oo Fl -password= Ns Ar password Oc Oo Fl r Oc Oo Fl -random Oc \
+Oo Fl s Oc Oo Fl -no-salt Oc Oo Fl H Oc Op Fl -hex
+Adds a key to the keytab. Options that are not specified will be
+prompted for. This requires that you know the password or the hex key of the
+principal to add; if what you really want is to add a new principal to
+the keytab, you should consider the
+.Ar get
+command, which talks to the kadmin server.
+.It change Oo Fl r Ar realm Oc Oo Fl -realm= Ns Ar realm Oc \
+Oo Fl -a Ar host Oc Oo Fl -admin-server= Ns Ar host Oc \
+Oo Fl -s Ar port Oc Op Fl -server-port= Ns Ar port
+Update one or several keys to new versions.  By default, use the admin
+server for the realm of a keytab entry.  Otherwise it will use the
+values specified by the options.
+.Pp
+If no principals are given, all the ones in the keytab are updated.
+.It copy Ar keytab-src Ar keytab-dest
+Copies all the entries from
+.Ar keytab-src
+to
+.Ar keytab-dest .
+.It get Oo Fl p Ar admin principal Oc \
+Oo Fl -principal= Ns Ar admin principal Oc Oo Fl e Ar enctype Oc \
+Oo Fl -enctypes= Ns Ar enctype Oc Oo Fl r Ar realm Oc \
+Oo Fl -realm= Ns Ar realm Oc Oo Fl a Ar admin server Oc \
+Oo Fl -admin-server= Ns Ar admin server Oc Oo Fl s Ar server port Oc \
+Oo Fl -server-port= Ns Ar server port Oc Ar principal ...
+For each
+.Ar principal ,
+generate a new key for it (creating it if it doesn't already exist),
+and put that key in the keytab.
+.Pp
+If no
+.Ar realm
+is specified, the realm to operate on is taken from the first
+principal.
+.It list Oo Fl -keys Oc Op Fl -timestamp
+List the keys stored in the keytab.
+.It remove Oo Fl p Ar principal Oc Oo Fl -principal= Ns Ar principal Oc \
+Oo Fl V kvno Oc Oo Fl -kvno= Ns Ar kvno Oc Oo Fl e enctype Oc \
+Oo Fl -enctype= Ns Ar enctype Oc
+Removes the specified key or keys. Not specifying a
+.Ar kvno
+removes keys with any version number. Not specifying an
+.Ar enctype
+removes keys of any type.
+.It rename Ar from-principal Ar to-principal
+Renames all entries in the keytab that match the
+.Ar from-principal
+to
+.Ar to-principal .
+.It purge Op Fl -age= Ns Ar age
+Removes all old versions of a key for which there is a newer version
+that is at least
+.Ar age
+(default one week) old.
+.El
+.Sh SEE ALSO
+.Xr kadmin 8

crypto/external/bsd/heimdal/dist/admin/ktutil.c

@@ -0,0 +1,176 @@
+/*	$NetBSD: ktutil.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $	*/
+
+/*
+ * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ktutil_locl.h"
+#include <err.h>
+
+__RCSID("$NetBSD: ktutil.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $");
+
+static int help_flag;
+static int version_flag;
+int verbose_flag;
+char *keytab_string;
+static char keytab_buf[256];
+
+static struct getargs args[] = {
+    {
+	"version",
+	0,
+	arg_flag,
+	&version_flag,
+	NULL,
+	NULL
+    },
+    {
+	"help",	
+	'h',
+	arg_flag,
+	&help_flag,
+	NULL,
+	NULL
+    },
+    {
+	"keytab",	
+	'k',
+	arg_string,
+	&keytab_string,
+	"keytab",
+	"keytab to operate on"
+    },
+    {
+	"verbose",
+	'v',
+	arg_flag,
+	&verbose_flag,
+	"verbose",
+	"run verbosely"
+    }
+};
+
+static int num_args = sizeof(args) / sizeof(args[0]);
+
+krb5_context context;
+
+krb5_keytab
+ktutil_open_keytab(void)
+{
+    krb5_error_code ret;
+    krb5_keytab keytab;
+    if (keytab_string == NULL) {
+	ret = krb5_kt_default_name (context, keytab_buf, sizeof(keytab_buf));
+	if (ret) {
+	    krb5_warn(context, ret, "krb5_kt_default_name");
+	    return NULL;
+	}
+	keytab_string = keytab_buf;
+    }
+    ret = krb5_kt_resolve(context, keytab_string, &keytab);
+    if (ret) {
+	krb5_warn(context, ret, "resolving keytab %s", keytab_string);
+	return NULL;
+    }
+    if (verbose_flag)
+	fprintf (stderr, "Using keytab %s\n", keytab_string);
+	
+    return keytab;
+}
+
+int
+help(void *opt, int argc, char **argv)
+{
+    if(argc == 0) {
+	sl_help(commands, 1, argv - 1 /* XXX */);
+    } else {
+	SL_cmd *c = sl_match (commands, argv[0], 0);
+ 	if(c == NULL) {
+	    fprintf (stderr, "No such command: %s. "
+		     "Try \"help\" for a list of commands\n",
+		     argv[0]);
+	} else {
+	    if(c->func) {
+		char *fake[] = { NULL, "--help", NULL };
+		fake[0] = argv[0];
+		(*c->func)(2, fake);
+		fprintf(stderr, "\n");
+	    }
+	    if(c->help && *c->help)
+		fprintf (stderr, "%s\n", c->help);
+	    if((++c)->name && c->func == NULL) {
+		int f = 0;
+		fprintf (stderr, "Synonyms:");
+		while (c->name && c->func == NULL) {
+		    fprintf (stderr, "%s%s", f ? ", " : " ", (c++)->name);
+		    f = 1;
+		}
+		fprintf (stderr, "\n");
+	    }
+	}
+    }
+    return 0;
+}
+
+static void
+usage(int status)
+{
+    arg_printusage(args, num_args, NULL, "command");
+    exit(status);
+}
+
+int
+main(int argc, char **argv)
+{
+    int optidx = 0;
+    krb5_error_code ret;
+    setprogname(argv[0]);
+    ret = krb5_init_context(&context);
+    if (ret)
+	errx (1, "krb5_init_context failed: %d", ret);
+    if(getarg(args, num_args, argc, argv, &optidx))
+	usage(1);
+    if(help_flag)
+	usage(0);
+    if(version_flag) {
+	print_version(NULL);
+	exit(0);
+    }
+    argc -= optidx;
+    argv += optidx;
+    if(argc == 0)
+	usage(1);
+    ret = sl_command(commands, argc, argv);
+    if(ret == -1)
+	krb5_warnx (context, "unrecognized command: %s", argv[0]);
+    return ret;
+}

crypto/external/bsd/heimdal/dist/admin/ktutil_locl.h

@@ -0,0 +1,76 @@
+/*	$NetBSD: ktutil_locl.h,v 1.1.1.2 2011/04/14 14:08:06 elric Exp $	*/
+
+/*
+ * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * Id
+ */
+
+#ifndef __KTUTIL_LOCL_H__
+#define __KTUTIL_LOCL_H__
+
+#include <config.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#include <krb5/parse_time.h>
+#include <krb5/roken.h>
+
+#include "crypto-headers.h"
+#include <krb5/krb5.h>
+#include <kadm5/admin.h>
+#include <kadm5/kadm5_err.h>
+
+#include <krb5/sl.h>
+#include <krb5/getarg.h>
+#include <krb5/hex.h>
+
+extern krb5_context context;
+
+extern int verbose_flag;
+extern char *keytab_string;
+
+krb5_keytab ktutil_open_keytab(void);
+
+#include "ktutil-commands.h"
+
+#endif /* __KTUTIL_LOCL_H__ */

crypto/external/bsd/heimdal/dist/admin/list.c

@@ -0,0 +1,173 @@
+/*	$NetBSD: list.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $	*/
+
+/*
+ * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ktutil_locl.h"
+#include <krb5/rtbl.h>
+
+__RCSID("$NetBSD: list.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $");
+
+static int
+do_list(struct list_options *opt, const char *keytab_str)
+{
+    krb5_error_code ret;
+    krb5_keytab keytab;
+    krb5_keytab_entry entry;
+    krb5_kt_cursor cursor;
+    rtbl_t table;
+
+    /* XXX specialcase the ANY type */
+    if(strncasecmp(keytab_str, "ANY:", 4) == 0) {
+	int flag = 0;
+	char buf[1024];
+	keytab_str += 4;
+	ret = 0;
+	while (strsep_copy((const char**)&keytab_str, ",",
+			   buf, sizeof(buf)) != -1) {
+	    if(flag)
+		printf("\n");
+	    if(do_list(opt, buf))
+		ret = 1;
+	    flag = 1;
+	}
+	return ret;
+    }
+
+    ret = krb5_kt_resolve(context, keytab_str, &keytab);
+    if (ret) {
+	krb5_warn(context, ret, "resolving keytab %s", keytab_str);
+	return ret;
+    }
+
+    ret = krb5_kt_start_seq_get(context, keytab, &cursor);
+    if(ret) {
+	krb5_warn(context, ret, "krb5_kt_start_seq_get %s", keytab_str);
+	krb5_kt_close(context, keytab);
+	return ret;
+    }
+
+    printf ("%s:\n\n", keytab_str);
+	
+    table = rtbl_create();
+    rtbl_add_column_by_id(table, 0, "Vno", RTBL_ALIGN_RIGHT);
+    rtbl_add_column_by_id(table, 1, "Type", 0);
+    rtbl_add_column_by_id(table, 2, "Principal", 0);
+    if (opt->timestamp_flag)
+	rtbl_add_column_by_id(table, 3, "Date", 0);
+    if(opt->keys_flag)
+	rtbl_add_column_by_id(table, 4, "Key", 0);
+    rtbl_add_column_by_id(table, 5, "Aliases", 0);
+    rtbl_set_separator(table, "  ");
+
+    while(krb5_kt_next_entry(context, keytab, &entry, &cursor) == 0){
+	char buf[1024], *s;
+
+	snprintf(buf, sizeof(buf), "%d", entry.vno);
+	rtbl_add_column_entry_by_id(table, 0, buf);
+
+	ret = krb5_enctype_to_string(context,
+				     entry.keyblock.keytype, &s);
+	if (ret != 0) {
+	    snprintf(buf, sizeof(buf), "unknown (%d)", entry.keyblock.keytype);
+	    rtbl_add_column_entry_by_id(table, 1, buf);
+	} else {
+	    rtbl_add_column_entry_by_id(table, 1, s);
+	    free(s);
+	}
+
+	krb5_unparse_name_fixed(context, entry.principal, buf, sizeof(buf));
+	rtbl_add_column_entry_by_id(table, 2, buf);
+
+	if (opt->timestamp_flag) {
+	    krb5_format_time(context, entry.timestamp, buf,
+			     sizeof(buf), FALSE);
+	    rtbl_add_column_entry_by_id(table, 3, buf);
+	}
+	if(opt->keys_flag) {
+	    int i;
+	    s = malloc(2 * entry.keyblock.keyvalue.length + 1);
+	    if (s == NULL) {
+		krb5_warnx(context, "malloc failed");
+		ret = ENOMEM;
+		goto out;
+	    }
+	    for(i = 0; i < entry.keyblock.keyvalue.length; i++)
+		snprintf(s + 2 * i, 3, "%02x",
+			 ((unsigned char*)entry.keyblock.keyvalue.data)[i]);
+	    rtbl_add_column_entry_by_id(table, 4, s);
+	    free(s);
+	}
+	if (entry.aliases) {
+	    unsigned int i;
+	    struct rk_strpool *p = NULL;
+	    
+	    for (i = 0; i< entry.aliases->len; i++) {
+		krb5_unparse_name_fixed(context, entry.principal, buf, sizeof(buf));
+		rk_strpoolprintf(p, "%s%s", buf,
+				 i + 1 < entry.aliases->len ? ", " : "");
+		
+	    }
+	    rtbl_add_column_entry_by_id(table, 5, rk_strpoolcollect(p));
+	}
+
+	krb5_kt_free_entry(context, &entry);
+    }
+    ret = krb5_kt_end_seq_get(context, keytab, &cursor);
+    rtbl_format(table, stdout);
+
+out:
+    rtbl_destroy(table);
+
+    krb5_kt_close(context, keytab);
+    return ret;
+}
+
+int
+kt_list(struct list_options *opt, int argc, char **argv)
+{
+    krb5_error_code ret;
+    char kt[1024];
+
+    if(verbose_flag)
+	opt->timestamp_flag = 1;
+
+    if (keytab_string == NULL) {
+	if((ret = krb5_kt_default_name(context, kt, sizeof(kt))) != 0) {
+	    krb5_warn(context, ret, "getting default keytab name");
+	    return 1;
+	}
+	keytab_string = kt;
+    }
+    return do_list(opt, keytab_string) != 0;
+}

crypto/external/bsd/heimdal/dist/admin/purge.c

@@ -0,0 +1,174 @@
+/*	$NetBSD: purge.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $	*/
+
+/*
+ * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ktutil_locl.h"
+
+__RCSID("$NetBSD: purge.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $");
+
+/*
+ * keep track of the highest version for every principal.
+ */
+
+struct e {
+    krb5_principal principal;
+    int max_vno;
+    time_t timestamp;
+    struct e *next;
+};
+
+static struct e *
+get_entry (krb5_principal princ, struct e *head)
+{
+    struct e *e;
+
+    for (e = head; e != NULL; e = e->next)
+	if (krb5_principal_compare (context, princ, e->principal))
+	    return e;
+    return NULL;
+}
+
+static void
+add_entry (krb5_principal princ, int vno, time_t timestamp, struct e **head)
+{
+    krb5_error_code ret;
+    struct e *e;
+
+    e = get_entry (princ, *head);
+    if (e != NULL) {
+	if(e->max_vno < vno) {
+	    e->max_vno = vno;
+	    e->timestamp = timestamp;
+	}
+	return;
+    }
+    e = malloc (sizeof (*e));
+    if (e == NULL)
+	krb5_errx (context, 1, "malloc: out of memory");
+    ret = krb5_copy_principal (context, princ, &e->principal);
+    if (ret)
+	krb5_err (context, 1, ret, "krb5_copy_principal");
+    e->max_vno = vno;
+    e->timestamp = timestamp;
+    e->next    = *head;
+    *head      = e;
+}
+
+static void
+delete_list (struct e *head)
+{
+    while (head != NULL) {
+	struct e *next = head->next;
+	krb5_free_principal (context, head->principal);
+	free (head);
+	head = next;
+    }
+}
+
+/*
+ * Remove all entries that have newer versions and that are older
+ * than `age'
+ */
+
+int
+kt_purge(struct purge_options *opt, int argc, char **argv)
+{
+    krb5_error_code ret = 0;
+    krb5_kt_cursor cursor;
+    krb5_keytab keytab;
+    krb5_keytab_entry entry;
+    int age;
+    struct e *head = NULL;
+    time_t judgement_day;
+
+    age = parse_time(opt->age_string, "s");
+    if(age < 0) {
+	krb5_warnx(context, "unparasable time `%s'", opt->age_string);
+	return 1;
+    }
+
+    if((keytab = ktutil_open_keytab()) == NULL)
+	return 1;
+
+    ret = krb5_kt_start_seq_get(context, keytab, &cursor);
+    if(ret){
+	krb5_warn(context, ret, "%s", keytab_string);
+	goto out;
+    }
+
+    while(krb5_kt_next_entry(context, keytab, &entry, &cursor) == 0) {
+	add_entry (entry.principal, entry.vno, entry.timestamp, &head);
+	krb5_kt_free_entry(context, &entry);
+    }
+    krb5_kt_end_seq_get(context, keytab, &cursor);
+
+    judgement_day = time (NULL);
+
+    ret = krb5_kt_start_seq_get(context, keytab, &cursor);
+    if(ret){
+	krb5_warn(context, ret, "%s", keytab_string);
+	goto out;
+    }
+
+    while(krb5_kt_next_entry(context, keytab, &entry, &cursor) == 0) {
+	struct e *e = get_entry (entry.principal, head);
+
+	if (e == NULL) {
+	    krb5_warnx (context, "ignoring extra entry");
+	    continue;
+	}
+
+	if (entry.vno < e->max_vno
+	    && judgement_day - e->timestamp > age) {
+	    if (verbose_flag) {
+		char *name_str;
+
+		krb5_unparse_name (context, entry.principal, &name_str);
+		printf ("removing %s vno %d\n", name_str, entry.vno);
+		free (name_str);
+	    }
+	    ret = krb5_kt_remove_entry (context, keytab, &entry);
+	    if (ret)
+		krb5_warn (context, ret, "remove");
+	}
+	krb5_kt_free_entry(context, &entry);
+    }
+    ret = krb5_kt_end_seq_get(context, keytab, &cursor);
+
+    delete_list (head);
+
+ out:
+    krb5_kt_close (context, keytab);
+    return ret != 0;
+}

crypto/external/bsd/heimdal/dist/admin/remove.c

@@ -0,0 +1,95 @@
+/*	$NetBSD: remove.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $	*/
+
+/*
+ * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ktutil_locl.h"
+
+__RCSID("$NetBSD: remove.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $");
+
+int
+kt_remove(struct remove_options *opt, int argc, char **argv)
+{
+    krb5_error_code ret = 0;
+    krb5_keytab_entry entry;
+    krb5_keytab keytab;
+    krb5_principal principal = NULL;
+    krb5_enctype enctype = 0;
+
+    if(opt->principal_string) {
+	ret = krb5_parse_name(context, opt->principal_string, &principal);
+	if(ret) {
+	    krb5_warn(context, ret, "%s", opt->principal_string);
+	    return 1;
+	}
+    }
+    if(opt->enctype_string) {
+	ret = krb5_string_to_enctype(context, opt->enctype_string, &enctype);
+	if(ret) {
+	    int t;
+	    if(sscanf(opt->enctype_string, "%d", &t) == 1)
+		enctype = t;
+	    else {
+		krb5_warn(context, ret, "%s", opt->enctype_string);
+		if(principal)
+		    krb5_free_principal(context, principal);
+		return 1;
+	    }
+	}
+    }
+    if (!principal && !enctype && !opt->kvno_integer) {
+	krb5_warnx(context,
+		   "You must give at least one of "
+		   "principal, enctype or kvno.");
+	ret = EINVAL;
+	goto out;
+    }
+
+    if((keytab = ktutil_open_keytab()) == NULL) {
+	ret = 1;
+	goto out;
+    }
+
+    entry.principal = principal;
+    entry.keyblock.keytype = enctype;
+    entry.vno = opt->kvno_integer;
+    ret = krb5_kt_remove_entry(context, keytab, &entry);
+    krb5_kt_close(context, keytab);
+    if(ret)
+	krb5_warn(context, ret, "remove");
+ out:
+    if(principal)
+	krb5_free_principal(context, principal);
+    return ret != 0;
+}
+

crypto/external/bsd/heimdal/dist/admin/rename.c

@@ -0,0 +1,115 @@
+/*	$NetBSD: rename.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $	*/
+
+/*
+ * Copyright (c) 2001-2004 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ktutil_locl.h"
+
+__RCSID("$NetBSD: rename.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $");
+
+int
+kt_rename(struct rename_options *opt, int argc, char **argv)
+{
+    krb5_error_code ret = 0;
+    krb5_keytab_entry entry;
+    krb5_keytab keytab;
+    krb5_kt_cursor cursor;
+    krb5_principal from_princ, to_princ;
+
+    ret = krb5_parse_name(context, argv[0], &from_princ);
+    if(ret != 0) {
+	krb5_warn(context, ret, "%s", argv[0]);
+	return 1;
+    }
+
+    ret = krb5_parse_name(context, argv[1], &to_princ);
+    if(ret != 0) {
+	krb5_free_principal(context, from_princ);
+	krb5_warn(context, ret, "%s", argv[1]);
+	return 1;
+    }
+
+    if((keytab = ktutil_open_keytab()) == NULL) {
+	krb5_free_principal(context, from_princ);
+	krb5_free_principal(context, to_princ);
+	return 1;
+    }
+
+    ret = krb5_kt_start_seq_get(context, keytab, &cursor);
+    if(ret) {
+	krb5_kt_close(context, keytab);
+	krb5_free_principal(context, from_princ);
+	krb5_free_principal(context, to_princ);
+	return 1;
+    }
+    while(1) {
+	ret = krb5_kt_next_entry(context, keytab, &entry, &cursor);
+	if(ret != 0) {
+	    if(ret != KRB5_CC_END && ret != KRB5_KT_END)
+		krb5_warn(context, ret, "getting entry from keytab");
+	    else
+		ret = 0;
+	    break;
+	}
+	if(krb5_principal_compare(context, entry.principal, from_princ)) {
+	    krb5_free_principal(context, entry.principal);
+	    entry.principal = to_princ;
+	    ret = krb5_kt_add_entry(context, keytab, &entry);
+	    if(ret) {
+		entry.principal = NULL;
+		krb5_kt_free_entry(context, &entry);
+		krb5_warn(context, ret, "adding entry");
+		break;
+	    }
+	    if (opt->delete_flag) {
+		entry.principal = from_princ;
+		ret = krb5_kt_remove_entry(context, keytab, &entry);
+		if(ret) {
+		    entry.principal = NULL;
+		    krb5_kt_free_entry(context, &entry);
+		    krb5_warn(context, ret, "removing entry");
+		    break;
+		}
+	    }
+	    entry.principal = NULL;
+	}
+	krb5_kt_free_entry(context, &entry);
+    }
+    krb5_kt_end_seq_get(context, keytab, &cursor);
+
+    krb5_free_principal(context, from_princ);
+    krb5_free_principal(context, to_princ);
+
+    return ret != 0;
+}
+

crypto/external/bsd/heimdal/dist/autogen.sh

@@ -0,0 +1,5 @@
+#!/bin/sh
+# to really generate all files you need to run "make distcheck" in a
+# object tree, but this will do if you have all parts of the required
+# tool-chain installed
+autoreconf -f -i || { echo "autoreconf failed: $?"; exit 1; }

crypto/external/bsd/heimdal/dist/base/Makefile.am

@@ -0,0 +1,27 @@
+
+include $(top_srcdir)/Makefile.am.common
+
+lib_LTLIBRARIES = libheimbase.la
+check_PROGRAMS = test_base
+
+libheimbase_la_LDFLAGS = -version-info 1:0:0
+
+if versionscript
+libheimbase_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map
+endif
+
+include_HEADERS	= heimbase.h
+
+dist_libheimbase_la_SOURCES =	\
+	array.c			\
+	baselocl.h		\
+	bool.c			\
+	dict.c			\
+	heimbase.c		\
+	heimbasepriv.h		\
+	heimqueue.h		\
+	null.c			\
+	number.c		\
+	string.c
+
+test_base_LDADD = $(LIB_heimbase)

crypto/external/bsd/heimdal/dist/base/NTMakefile

@@ -0,0 +1,53 @@
+########################################################################
+#
+# Copyright (c) 2010, Secure Endpoints Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# - Redistributions of source code must retain the above copyright
+#   notice, this list of conditions and the following disclaimer.
+#
+# - Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in
+#   the documentation and/or other materials provided with the
+#   distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+#
+
+RELDIR=base
+
+!include ../windows/NTMakefile.w32
+
+INCFILES=$(INCDIR)\heimbase.h
+
+libheimbase_OBJS =		\
+	$(OBJ)\array.obj	\
+	$(OBJ)\bool.obj		\
+	$(OBJ)\dict.obj		\
+	$(OBJ)\heimbase.obj	\
+	$(OBJ)\null.obj		\
+	$(OBJ)\number.obj	\
+	$(OBJ)\string.obj
+
+$(LIBHEIMBASE): $(libheimbase_OBJS)
+	$(LIBCON)
+
+all:: $(INCFILES) $(LIBHEIMBASE)
+
+clean::
+	-$(RM) $(INCFILES)

crypto/external/bsd/heimdal/dist/base/array.c

@@ -0,0 +1,236 @@
+/*	$NetBSD: array.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $	*/
+
+/*
+ * Copyright (c) 2010 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2010 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "baselocl.h"
+
+/*
+ *
+ */
+
+struct heim_array_data {
+    size_t len;
+    heim_object_t *val;
+};
+
+static void
+array_dealloc(heim_object_t ptr)
+{
+    heim_array_t array = ptr;
+    size_t n;
+    for (n = 0; n < array->len; n++)
+	heim_release(array->val[n]);
+    free(array->val);
+}
+
+struct heim_type_data array_object = {
+    HEIM_TID_ARRAY,
+    "dict-object",
+    NULL,
+    array_dealloc,
+    NULL,
+    NULL,
+    NULL
+};
+
+/**
+ * Allocate an array
+ *
+ * @return A new allocated array, free with heim_release()
+ */
+
+heim_array_t
+heim_array_create(void)
+{
+    heim_array_t array;
+
+    array = _heim_alloc_object(&array_object, sizeof(*array));
+    if (array == NULL)
+	return NULL;
+
+    array->val = NULL;
+    array->len = 0;
+
+    return array;
+}
+
+/**
+ * Get type id of an dict
+ *
+ * @return the type id
+ */
+
+heim_tid_t
+heim_array_get_type_id(void)
+{
+    return HEIM_TID_ARRAY;
+}
+
+/**
+ * Append object to array
+ *
+ * @param array array to add too
+ * @param object the object to add
+ *
+ * @return zero if added, errno otherwise
+ */
+
+int
+heim_array_append_value(heim_array_t array, heim_object_t object)
+{
+    heim_object_t *ptr;
+
+    ptr = realloc(array->val, (array->len + 1) * sizeof(array->val[0]));
+    if (ptr == NULL)
+	return ENOMEM;
+    array->val = ptr;
+    array->val[array->len++] = heim_retain(object);
+
+    return 0;
+}
+
+/**
+ * Iterate over all objects in array
+ *
+ * @param array array to iterate over
+ * @param fn function to call on each object
+ * @param ctx context passed to fn
+ */
+
+void
+heim_array_iterate_f(heim_array_t array, heim_array_iterator_f_t fn, void *ctx)
+{
+    size_t n;
+    for (n = 0; n < array->len; n++)
+	fn(array->val[n], ctx);
+}
+
+#ifdef __BLOCKS__
+/**
+ * Iterate over all objects in array
+ *
+ * @param array array to iterate over
+ * @param fn block to call on each object
+ */
+
+void
+heim_array_iterate(heim_array_t array, void (^fn)(heim_object_t))
+{
+    size_t n;
+    for (n = 0; n < array->len; n++)
+	fn(array->val[n]);
+}
+#endif
+
+/**
+ * Get length of array
+ *
+ * @param array array to get length of
+ *
+ * @return length of array
+ */
+
+size_t
+heim_array_get_length(heim_array_t array)
+{
+    return array->len;
+}
+
+/**
+ * Copy value of array
+ *
+ * @param array array copy object from
+ * @param idx index of object, 0 based, must be smaller then
+ *        heim_array_get_length()
+ *
+ * @return a retained copy of the object
+ */
+
+heim_object_t
+heim_array_copy_value(heim_array_t array, size_t idx)
+{
+    if (idx >= array->len)
+	heim_abort("index too large");
+    return heim_retain(array->val[idx]);
+}
+
+/**
+ * Delete value at idx
+ *
+ * @param array the array to modify
+ * @param idx the key to delete
+ */
+
+void
+heim_array_delete_value(heim_array_t array, size_t idx)
+{
+    heim_object_t obj;
+    if (idx >= array->len)
+	heim_abort("index too large");
+    obj = array->val[idx];
+
+    array->len--;
+
+    if (idx < array->len)
+	memmove(&array->val[idx], &array->val[idx + 1],
+		(array->len - idx) * sizeof(array->val[0]));
+
+    heim_release(obj);
+}
+
+#ifdef __BLOCKS__
+/**
+ * Get value at idx
+ *
+ * @param array the array to modify
+ * @param idx the key to delete
+ */
+
+void
+heim_array_filter(heim_array_t array, bool (^block)(heim_object_t))
+{
+    size_t n = 0;
+
+    while (n < array->len) {
+	if (block(array->val[n])) {
+	    heim_array_delete_value(array, n);
+	} else {
+	    n++;
+	}
+    }
+}
+
+#endif /* __BLOCKS__ */

crypto/external/bsd/heimdal/dist/base/baselocl.h

@@ -0,0 +1,134 @@
+/*	$NetBSD: baselocl.h,v 1.2 2011/04/16 17:45:44 martin Exp $	*/
+
+/*
+ * Copyright (c) 2010 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2010 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "config.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <limits.h>
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#include "heimqueue.h"
+#include "heim_threads.h"
+#include <krb5/heimbase.h>
+#include "heimbasepriv.h"
+
+#ifdef HAVE_DISPATCH_DISPATCH_H
+#include <dispatch/dispatch.h>
+#endif
+
+#if defined(USE_ATOMIC_INCDEC)
+
+#include <sys/atomic.h>
+#define heim_base_atomic_inc(x) atomic_inc_32_nv((x))
+#define heim_base_atomic_dec(x) atomic_dec_32_nv((x))
+#define heim_base_atomic_type	uint32_t
+#define heim_base_atomic_max    UINT32_MAX
+
+#define heim_base_exchange_pointer(t,v) atomic_swap_ptr((t), (v))
+
+#elif defined(__GNUC__) && defined(HAVE___SYNC_ADD_AND_FETCH)
+
+#define heim_base_atomic_inc(x) __sync_add_and_fetch((x), 1)
+#define heim_base_atomic_dec(x) __sync_sub_and_fetch((x), 1)
+#define heim_base_atomic_type	unsigned int
+#define heim_base_atomic_max    UINT_MAX
+
+#define heim_base_exchange_pointer(t,v) __sync_lock_test_and_set((t), (v))
+
+#elif defined(_WIN32)
+
+#define heim_base_atomic_inc(x) InterlockedIncrement(x)
+#define heim_base_atomic_dec(x) InterlockedDecrement(x)
+#define heim_base_atomic_type	LONG
+#define heim_base_atomic_max    MAXLONG
+
+#define heim_base_exchange_pointer(t,v) InterlockedExchangePointer((t),(v))
+
+#else
+
+#define HEIM_BASE_NEED_ATOMIC_MUTEX 1
+extern HEIMDAL_MUTEX _heim_base_mutex;
+
+#define heim_base_atomic_type	unsigned int
+
+static inline heim_base_atomic_type
+heim_base_atomic_inc(heim_base_atomic_type *x)
+{
+    heim_base_atomic_type t;
+    HEIMDAL_MUTEX_lock(&_heim_base_mutex);
+    t = ++(*x);
+    HEIMDAL_MUTEX_unlock(&_heim_base_mutex);
+    return t;
+}
+
+static inline heim_base_atomic_type
+heim_base_atomic_dec(heim_base_atomic_type *x)
+{
+    heim_base_atomic_type t;
+    HEIMDAL_MUTEX_lock(&_heim_base_mutex);
+    t = --(*x);
+    HEIMDAL_MUTEX_unlock(&_heim_base_mutex);
+    return t;
+}
+
+#define heim_base_atomic_max    UINT_MAX
+
+#endif
+
+/* tagged strings/object/XXX */
+#define heim_base_is_tagged(x) (((uintptr_t)(x)) & 0x3)
+
+#define heim_base_is_tagged_object(x) ((((uintptr_t)(x)) & 0x3) == 1)
+#define heim_base_make_tagged_object(x, tid) \
+    ((heim_object_t)((((uintptr_t)(x)) << 5) | ((tid) << 2) | 0x1))
+#define heim_base_tagged_object_tid(x) ((((uintptr_t)(x)) & 0x1f) >> 2)
+#define heim_base_tagged_object_value(x) (((uintptr_t)(x)) >> 5)
+
+/*
+ *
+ */
+
+#undef HEIMDAL_NORETURN_ATTRIBUTE
+#define HEIMDAL_NORETURN_ATTRIBUTE
+#undef HEIMDAL_PRINTF_ATTRIBUTE
+#define HEIMDAL_PRINTF_ATTRIBUTE(x)

crypto/external/bsd/heimdal/dist/base/bool.c

@@ -0,0 +1,60 @@
+/*	$NetBSD: bool.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $	*/
+
+/*
+ * Copyright (c) 2010 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2010 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "baselocl.h"
+
+struct heim_type_data _heim_bool_object = {
+    HEIM_TID_BOOL,
+    "bool-object",
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL
+};
+
+heim_bool_t
+heim_bool_create(int val)
+{
+    return heim_base_make_tagged_object(!!val, HEIM_TID_BOOL);
+}
+
+int
+heim_bool_val(heim_bool_t ptr)
+{
+    return heim_base_tagged_object_value(ptr);
+}

crypto/external/bsd/heimdal/dist/base/dict.c

@@ -0,0 +1,284 @@
+/*	$NetBSD: dict.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $	*/
+
+/*
+ * Copyright (c) 2002, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2010 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "baselocl.h"
+
+struct hashentry {
+    struct hashentry **prev;
+    struct hashentry *next;
+    heim_object_t key;
+    heim_object_t value;
+};
+
+struct heim_dict_data {
+    size_t size;
+    struct hashentry **tab;
+};
+
+static void
+dict_dealloc(void *ptr)
+{
+    heim_dict_t dict = ptr;
+    struct hashentry **h, *g, *i;
+
+    for (h = dict->tab; h < &dict->tab[dict->size]; ++h) {
+	for (g = h[0]; g; g = i) {
+	    i = g->next;
+	    heim_release(g->key);
+	    heim_release(g->value);
+	    free(g);
+	}
+    }
+    free(dict->tab);
+}
+
+struct heim_type_data dict_object = {
+    HEIM_TID_DICT,
+    "dict-object",
+    NULL,
+    dict_dealloc,
+    NULL,
+    NULL,
+    NULL
+};
+
+static size_t
+isprime(size_t p)
+{
+    int q, i;
+
+    for(i = 2 ; i < p; i++) {
+	q = p / i;
+
+	if (i * q == p)
+	    return 0;
+	if (i * i > p)
+	    return 1;
+    }
+    return 1;
+}
+
+static size_t
+findprime(size_t p)
+{
+    if (p % 2 == 0)
+	p++;
+
+    while (isprime(p) == 0)
+	p += 2;
+
+    return p;
+}
+
+/**
+ * Allocate an array
+ *
+ * @return A new allocated array, free with heim_release()
+ */
+
+heim_dict_t
+heim_dict_create(size_t size)
+{
+    heim_dict_t dict;
+
+    dict = _heim_alloc_object(&dict_object, sizeof(*dict));
+
+    dict->size = findprime(size);
+    if (dict->size == 0) {
+	heim_release(dict);
+	return NULL;
+    }
+    
+    dict->tab = calloc(dict->size, sizeof(dict->tab[0]));
+    if (dict->tab == NULL) {
+	dict->size = 0;
+	heim_release(dict);
+	return NULL;
+    }
+
+    return dict;
+}
+
+/**
+ * Get type id of an dict
+ *
+ * @return the type id
+ */
+
+heim_tid_t
+heim_dict_get_type_id(void)
+{
+    return HEIM_TID_DICT;
+}
+
+/* Intern search function */
+
+static struct hashentry *
+_search(heim_dict_t dict, heim_object_t ptr)
+{
+    unsigned long v = heim_get_hash(ptr);
+    struct hashentry *p;
+
+    for (p = dict->tab[v % dict->size]; p != NULL; p = p->next)
+	if (heim_cmp(ptr, p->key) == 0)
+	    return p;
+
+    return NULL;
+}
+
+/**
+ * Search for element in hash table
+ *
+ * @value dict the dict to search in
+ * @value key the key to search for
+ *
+ * @return a retained copy of the value for key or NULL if not found
+ */
+
+heim_object_t
+heim_dict_copy_value(heim_dict_t dict, heim_object_t key)
+{
+    struct hashentry *p;
+    p = _search(dict, key);
+    if (p == NULL)
+	return NULL;
+
+    return heim_retain(p->value);
+}
+
+/**
+ * Add key and value to dict
+ *
+ * @value dict the dict to add too
+ * @value key the key to add
+ * @value value the value to add
+ *
+ * @return 0 if added, errno if not
+ */
+
+int
+heim_dict_add_value(heim_dict_t dict, heim_object_t key, heim_object_t value)
+{
+    struct hashentry **tabptr, *h;
+
+    h = _search(dict, key);
+    if (h) {
+	heim_release(h->value);
+	h->value = heim_retain(value);
+    } else {
+	unsigned long v;
+
+	h = malloc(sizeof(*h));
+	if (h == NULL)
+	    return ENOMEM;
+
+	h->key = heim_retain(key);
+	h->value = heim_retain(value);
+
+	v = heim_get_hash(key);
+
+	tabptr = &dict->tab[v % dict->size];
+	h->next = *tabptr;
+	*tabptr = h;
+	h->prev = tabptr;
+	if (h->next)
+	    h->next->prev = &h->next;
+    }
+
+    return 0;
+}
+
+/**
+ * Delete element with key key
+ *
+ * @value dict the dict to delete from
+ * @value key the key to delete
+ */
+
+void
+heim_dict_delete_key(heim_dict_t dict, heim_object_t key)
+{
+    struct hashentry *h = _search(dict, key);
+
+    if (h == NULL)
+	return;
+
+    heim_release(h->key);
+    heim_release(h->value);
+
+    if ((*(h->prev) = h->next) != NULL)
+	h->next->prev = h->prev;
+
+    free(h);
+}
+
+/**
+ * Do something for each element
+ *
+ * @value dict the dict to interate over
+ * @value func the function to search for
+ * @value arg argument to func
+ */
+
+void
+heim_dict_iterate_f(heim_dict_t dict, heim_dict_iterator_f_t func, void *arg)
+{
+    struct hashentry **h, *g;
+
+    for (h = dict->tab; h < &dict->tab[dict->size]; ++h)
+	for (g = *h; g; g = g->next)
+	    func(g->key, g->value, arg);
+}
+
+#ifdef __BLOCKS__
+/**
+ * Do something for each element
+ *
+ * @value dict the dict to interate over
+ * @value func the function to search for
+ */
+
+void
+heim_dict_iterate(heim_dict_t dict, void (^func)(heim_object_t, heim_object_t))
+{
+    struct hashentry **h, *g;
+
+    for (h = dict->tab; h < &dict->tab[dict->size]; ++h)
+	for (g = *h; g; g = g->next)
+	    func(g->key, g->value);
+}
+#endif

crypto/external/bsd/heimdal/dist/base/heimbase.c

@@ -0,0 +1,561 @@
+/*	$NetBSD: heimbase.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $	*/
+
+/*
+ * Copyright (c) 2010 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2010 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "baselocl.h"
+#include <syslog.h>
+
+static heim_base_atomic_type tidglobal = HEIM_TID_USER;
+
+struct heim_base {
+    heim_type_t isa;
+    heim_base_atomic_type ref_cnt;
+    HEIM_TAILQ_ENTRY(heim_base) autorel;
+    heim_auto_release_t autorelpool;
+    uintptr_t isaextra[3];
+};
+
+/* specialized version of base */
+struct heim_base_mem {
+    heim_type_t isa;
+    heim_base_atomic_type ref_cnt;
+    HEIM_TAILQ_ENTRY(heim_base) autorel;
+    heim_auto_release_t autorelpool;
+    const char *name;
+    void (*dealloc)(void *);
+    uintptr_t isaextra[1];
+};
+
+#define PTR2BASE(ptr) (((struct heim_base *)ptr) - 1)
+#define BASE2PTR(ptr) ((void *)(((struct heim_base *)ptr) + 1))
+
+#ifdef HEIM_BASE_NEED_ATOMIC_MUTEX
+HEIMDAL_MUTEX _heim_base_mutex = HEIMDAL_MUTEX_INITIALIZER;
+#endif
+
+/*
+ * Auto release structure
+ */
+
+struct heim_auto_release {
+    HEIM_TAILQ_HEAD(, heim_base) pool;
+    HEIMDAL_MUTEX pool_mutex;
+    struct heim_auto_release *parent;
+};
+
+
+/**
+ * Retain object
+ *
+ * @param object to be released, NULL is ok
+ *
+ * @return the same object as passed in
+ */
+
+void *
+heim_retain(void *ptr)
+{
+    struct heim_base *p = PTR2BASE(ptr);
+
+    if (ptr == NULL || heim_base_is_tagged(ptr))
+	return ptr;
+
+    if (p->ref_cnt == heim_base_atomic_max)
+	return ptr;
+
+    if ((heim_base_atomic_inc(&p->ref_cnt) - 1) == 0)
+	heim_abort("resurection");
+    return ptr;
+}
+
+/**
+ * Release object, free is reference count reaches zero
+ *
+ * @param object to be released
+ */
+
+void
+heim_release(void *ptr)
+{
+    heim_base_atomic_type old;
+    struct heim_base *p = PTR2BASE(ptr);
+
+    if (ptr == NULL || heim_base_is_tagged(ptr))
+	return;
+
+    if (p->ref_cnt == heim_base_atomic_max)
+	return;
+
+    old = heim_base_atomic_dec(&p->ref_cnt) + 1;
+
+    if (old > 1)
+	return;
+
+    if (old == 1) {
+	heim_auto_release_t ar = p->autorelpool;
+	/* remove from autorel pool list */
+	if (ar) {
+	    p->autorelpool = NULL;
+	    HEIMDAL_MUTEX_lock(&ar->pool_mutex);
+	    HEIM_TAILQ_REMOVE(&ar->pool, p, autorel);
+	    HEIMDAL_MUTEX_unlock(&ar->pool_mutex);
+	}
+	if (p->isa->dealloc)
+	    p->isa->dealloc(ptr);
+	free(p);
+    } else
+	heim_abort("over release");
+}
+
+static heim_type_t tagged_isa[9] = {
+    &_heim_number_object,
+    &_heim_null_object,
+    &_heim_bool_object,
+
+    NULL,
+    NULL,
+    NULL,
+
+    NULL,
+    NULL,
+    NULL
+};
+
+heim_type_t
+_heim_get_isa(heim_object_t ptr)
+{
+    struct heim_base *p;
+    if (heim_base_is_tagged(ptr)) {
+	if (heim_base_is_tagged_object(ptr))
+	    return tagged_isa[heim_base_tagged_object_tid(ptr)];
+	heim_abort("not a supported tagged type");
+    }
+    p = PTR2BASE(ptr);
+    return p->isa;
+}
+
+/**
+ * Get type ID of object
+ *
+ * @param object object to get type id of
+ *
+ * @return type id of object
+ */
+
+heim_tid_t
+heim_get_tid(heim_object_t ptr)
+{
+    heim_type_t isa = _heim_get_isa(ptr);
+    return isa->tid;
+}
+
+/**
+ * Get hash value of object
+ *
+ * @param object object to get hash value for
+ *
+ * @return a hash value
+ */
+
+unsigned long
+heim_get_hash(heim_object_t ptr)
+{
+    heim_type_t isa = _heim_get_isa(ptr);
+    if (isa->hash)
+	return isa->hash(ptr);
+    return (unsigned long)ptr;
+}
+
+/**
+ * Compare two objects, returns 0 if equal, can use used for qsort()
+ * and friends.
+ *
+ * @param a first object to compare
+ * @param b first object to compare
+ *
+ * @return 0 if objects are equal
+ */
+
+int
+heim_cmp(heim_object_t a, heim_object_t b)
+{
+    heim_tid_t ta, tb;
+    heim_type_t isa;
+
+    ta = heim_get_tid(a);
+    tb = heim_get_tid(b);
+
+    if (ta != tb)
+	return ta - tb;
+
+    isa = _heim_get_isa(a);
+
+    if (isa->cmp)
+	return isa->cmp(a, b);
+
+    return (uintptr_t)a - (uintptr_t)b;
+}
+
+/*
+ * Private - allocates an memory object
+ */
+
+static void
+memory_dealloc(void *ptr)
+{
+    struct heim_base_mem *p = (struct heim_base_mem *)PTR2BASE(ptr);
+    if (p->dealloc)
+	p->dealloc(ptr);
+}
+
+struct heim_type_data memory_object = {
+    HEIM_TID_MEMORY,
+    "memory-object",
+    NULL,
+    memory_dealloc,
+    NULL,
+    NULL,
+    NULL
+};
+
+void *
+heim_alloc(size_t size, const char *name, heim_type_dealloc dealloc)
+{
+    /* XXX use posix_memalign */
+
+    struct heim_base_mem *p = calloc(1, size + sizeof(*p));
+    if (p == NULL)
+	return NULL;
+    p->isa = &memory_object;
+    p->ref_cnt = 1;
+    p->name = name;
+    p->dealloc = dealloc;
+    return BASE2PTR(p);
+}
+
+heim_type_t
+_heim_create_type(const char *name,
+		  heim_type_init init,
+		  heim_type_dealloc dealloc,
+		  heim_type_copy copy,
+		  heim_type_cmp cmp,
+		  heim_type_hash hash)
+{
+    heim_type_t type;
+
+    type = calloc(1, sizeof(*type));
+    if (type == NULL)
+	return NULL;
+
+    type->tid = heim_base_atomic_inc(&tidglobal);
+    type->name = name;
+    type->init = init;
+    type->dealloc = dealloc;
+    type->copy = copy;
+    type->cmp = cmp;
+    type->hash = hash;
+
+    return type;
+}
+
+heim_object_t
+_heim_alloc_object(heim_type_t type, size_t size)
+{
+    /* XXX should use posix_memalign */
+    struct heim_base *p = calloc(1, size + sizeof(*p));
+    if (p == NULL)
+	return NULL;
+    p->isa = type;
+    p->ref_cnt = 1;
+
+    return BASE2PTR(p);
+}
+
+heim_tid_t
+_heim_type_get_tid(heim_type_t type)
+{
+    return type->tid;
+}
+
+/**
+ * Call func once and only once
+ *
+ * @param once pointer to a heim_base_once_t
+ * @param ctx context passed to func
+ * @param func function to be called
+ */
+
+void
+heim_base_once_f(heim_base_once_t *once, void *ctx, void (*func)(void *))
+{
+#ifdef HAVE_DISPATCH_DISPATCH_H
+    dispatch_once_f(once, ctx, func);
+#else
+    static HEIMDAL_MUTEX mutex = HEIMDAL_MUTEX_INITIALIZER;
+    HEIMDAL_MUTEX_lock(&mutex);
+    if (*once == 0) {
+	*once = 1;
+	HEIMDAL_MUTEX_unlock(&mutex);
+	func(ctx);
+	HEIMDAL_MUTEX_lock(&mutex);
+	*once = 2;
+	HEIMDAL_MUTEX_unlock(&mutex);
+    } else if (*once == 2) {
+	HEIMDAL_MUTEX_unlock(&mutex);
+    } else {
+	HEIMDAL_MUTEX_unlock(&mutex);
+	while (1) {
+	    struct timeval tv = { 0, 1000 };
+	    select(0, NULL, NULL, NULL, &tv);
+	    HEIMDAL_MUTEX_lock(&mutex);
+	    if (*once == 2)
+		break;
+	    HEIMDAL_MUTEX_unlock(&mutex);
+	}
+	HEIMDAL_MUTEX_unlock(&mutex);
+    }
+#endif
+}
+
+/**
+ * Abort and log the failure (using syslog)
+ */
+
+void
+heim_abort(const char *fmt, ...)
+{
+    va_list ap;
+    va_start(ap, fmt);
+    heim_abortv(fmt, ap);
+    va_end(ap);
+}
+
+/**
+ * Abort and log the failure (using syslog)
+ */
+
+void
+heim_abortv(const char *fmt, va_list ap)
+{
+    static char str[1024];
+    
+    vsnprintf(str, sizeof(str), fmt, ap);
+    syslog(LOG_ERR, "heim_abort: %s", str);
+    abort();
+}
+
+/*
+ *
+ */
+
+static int ar_created = 0;
+static HEIMDAL_thread_key ar_key;
+
+struct ar_tls {
+    struct heim_auto_release *head;
+    struct heim_auto_release *current;
+    HEIMDAL_MUTEX tls_mutex;
+};
+
+static void
+ar_tls_delete(void *ptr)
+{
+    struct ar_tls *tls = ptr;
+    if (tls->head)
+	heim_release(tls->head);
+    free(tls);
+}
+
+static void
+init_ar_tls(void *ptr)
+{
+    int ret;
+    HEIMDAL_key_create(&ar_key, ar_tls_delete, ret);
+    if (ret == 0)
+	ar_created = 1;
+}
+
+static struct ar_tls *
+autorel_tls(void)
+{
+    static heim_base_once_t once = HEIM_BASE_ONCE_INIT;
+    struct ar_tls *arp;
+    int ret;
+
+    heim_base_once_f(&once, NULL, init_ar_tls);
+    if (!ar_created)
+	return NULL;
+
+    arp = HEIMDAL_getspecific(ar_key);
+    if (arp == NULL) {
+
+	arp = calloc(1, sizeof(*arp));
+	if (arp == NULL)
+	    return NULL;
+	HEIMDAL_setspecific(ar_key, arp, ret);
+	if (ret) {
+	    free(arp);
+	    return NULL;
+	}
+    }
+    return arp;
+
+}
+
+static void
+autorel_dealloc(void *ptr)
+{
+    heim_auto_release_t ar = ptr;
+    struct ar_tls *tls;
+
+    tls = autorel_tls();
+    if (tls == NULL)
+	heim_abort("autorelease pool released on thread w/o autorelease inited");
+
+    heim_auto_release_drain(ar);
+
+    if (!HEIM_TAILQ_EMPTY(&ar->pool))
+	heim_abort("pool not empty after draining");
+
+    HEIMDAL_MUTEX_lock(&tls->tls_mutex);
+    if (tls->current != ptr)
+	heim_abort("autorelease not releaseing top pool");
+
+    if (tls->current != tls->head)
+	tls->current = ar->parent;
+    HEIMDAL_MUTEX_unlock(&tls->tls_mutex);
+}
+
+static int
+autorel_cmp(void *a, void *b)
+{
+    return (a == b);
+}
+
+static unsigned long
+autorel_hash(void *ptr)
+{
+    return (unsigned long)ptr;
+}
+
+
+static struct heim_type_data _heim_autorel_object = {
+    HEIM_TID_AUTORELEASE,
+    "autorelease-pool",
+    NULL,
+    autorel_dealloc,
+    NULL,
+    autorel_cmp,
+    autorel_hash
+};
+
+/**
+ *
+ */
+
+heim_auto_release_t
+heim_auto_release_create(void)
+{
+    struct ar_tls *tls = autorel_tls();
+    heim_auto_release_t ar;
+
+    if (tls == NULL)
+	heim_abort("Failed to create/get autorelease head");
+
+    ar = _heim_alloc_object(&_heim_autorel_object, sizeof(struct heim_auto_release));
+    if (ar) {
+	HEIMDAL_MUTEX_lock(&tls->tls_mutex);
+	if (tls->head == NULL)
+	    tls->head = ar;
+	ar->parent = tls->current;
+	tls->current = ar;
+	HEIMDAL_MUTEX_unlock(&tls->tls_mutex);
+    }
+
+    return ar;
+}
+
+/**
+ * Mark the current object as a
+ */
+
+void
+heim_auto_release(heim_object_t ptr)
+{
+    struct heim_base *p = PTR2BASE(ptr);
+    struct ar_tls *tls = autorel_tls();
+    heim_auto_release_t ar;
+
+    if (ptr == NULL || heim_base_is_tagged(ptr))
+	return;
+
+    /* drop from old pool */
+    if ((ar = p->autorelpool) != NULL) {
+	HEIMDAL_MUTEX_lock(&ar->pool_mutex);
+	HEIM_TAILQ_REMOVE(&ar->pool, p, autorel);
+	p->autorelpool = NULL;
+	HEIMDAL_MUTEX_unlock(&ar->pool_mutex);
+    }
+
+    if (tls == NULL || (ar = tls->current) == NULL)
+	heim_abort("no auto relase pool in place, would leak");
+
+    HEIMDAL_MUTEX_lock(&ar->pool_mutex);
+    HEIM_TAILQ_INSERT_HEAD(&ar->pool, p, autorel);
+    p->autorelpool = ar;
+    HEIMDAL_MUTEX_unlock(&ar->pool_mutex);
+}
+
+/**
+ *
+ */
+
+void
+heim_auto_release_drain(heim_auto_release_t autorel)
+{
+    heim_object_t obj;
+
+    /* release all elements on the tail queue */
+
+    HEIMDAL_MUTEX_lock(&autorel->pool_mutex);
+    while(!HEIM_TAILQ_EMPTY(&autorel->pool)) {
+	obj = HEIM_TAILQ_FIRST(&autorel->pool);
+	HEIMDAL_MUTEX_unlock(&autorel->pool_mutex);
+	heim_release(BASE2PTR(obj));
+	HEIMDAL_MUTEX_lock(&autorel->pool_mutex);
+    }
+    HEIMDAL_MUTEX_unlock(&autorel->pool_mutex);
+}

crypto/external/bsd/heimdal/dist/base/heimbase.h

@@ -0,0 +1,174 @@
+/*	$NetBSD: heimbase.h,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $	*/
+
+/*
+ * Copyright (c) 2010 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2010 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef HEIM_BASE_H
+#define HEIM_BASE_H 1
+
+#include <sys/types.h>
+#include <krb5/krb5-types.h>
+#include <stdarg.h>
+#include <stdbool.h>
+
+typedef void * heim_object_t;
+typedef unsigned int heim_tid_t;
+typedef heim_object_t heim_bool_t;
+typedef heim_object_t heim_null_t;
+#define HEIM_BASE_ONCE_INIT 0
+typedef long heim_base_once_t; /* XXX arch dependant */
+
+void *	heim_retain(heim_object_t);
+void	heim_release(heim_object_t);
+
+typedef void (*heim_type_dealloc)(void *);
+
+void *
+heim_alloc(size_t size, const char *name, heim_type_dealloc dealloc);
+
+heim_tid_t
+heim_get_tid(heim_object_t object);
+
+int
+heim_cmp(heim_object_t a, heim_object_t b);
+
+unsigned long
+heim_get_hash(heim_object_t ptr);
+
+void
+heim_base_once_f(heim_base_once_t *, void *, void (*)(void *));
+
+void
+heim_abort(const char *fmt, ...)
+    HEIMDAL_NORETURN_ATTRIBUTE
+    HEIMDAL_PRINTF_ATTRIBUTE((printf, 1, 2));
+
+void
+heim_abortv(const char *fmt, va_list ap)
+    HEIMDAL_NORETURN_ATTRIBUTE
+    HEIMDAL_PRINTF_ATTRIBUTE((printf, 1, 0));
+
+#define heim_assert(e,t) \
+    (__builtin_expect(!(e), 0) ? heim_abort(t ":" #e) : (void)0)
+
+/*
+ *
+ */
+
+heim_null_t
+heim_null_create(void);
+
+heim_bool_t
+heim_bool_create(int);
+
+int
+heim_bool_val(heim_bool_t);
+
+/*
+ * Array
+ */
+
+typedef struct heim_array_data *heim_array_t;
+
+heim_array_t heim_array_create(void);
+heim_tid_t heim_array_get_type_id(void);
+
+typedef void (*heim_array_iterator_f_t)(heim_object_t, void *);
+
+int	heim_array_append_value(heim_array_t, heim_object_t);
+void	heim_array_iterate_f(heim_array_t, heim_array_iterator_f_t, void *);
+#ifdef __BLOCKS__
+void	heim_array_iterate(heim_array_t, void (^)(heim_object_t));
+#endif
+size_t	heim_array_get_length(heim_array_t);
+heim_object_t
+	heim_array_copy_value(heim_array_t, size_t);
+void	heim_array_delete_value(heim_array_t, size_t);
+#ifdef __BLOCKS__
+void	heim_array_filter(heim_array_t, bool (^)(heim_object_t));
+#endif
+
+/*
+ * Dict
+ */
+
+typedef struct heim_dict_data *heim_dict_t;
+
+heim_dict_t heim_dict_create(size_t size);
+heim_tid_t heim_dict_get_type_id(void);
+
+typedef void (*heim_dict_iterator_f_t)(heim_object_t, heim_object_t, void *);
+
+int	heim_dict_add_value(heim_dict_t, heim_object_t, heim_object_t);
+void	heim_dict_iterate_f(heim_dict_t, heim_dict_iterator_f_t, void *);
+#ifdef __BLOCKS__
+void	heim_dict_iterate(heim_dict_t, void (^)(heim_object_t, heim_object_t));
+#endif
+
+heim_object_t
+	heim_dict_copy_value(heim_dict_t, heim_object_t);
+void	heim_dict_delete_key(heim_dict_t, heim_object_t);
+
+/*
+ * String
+ */
+
+typedef struct heim_string_data *heim_string_t;
+
+heim_string_t heim_string_create(const char *);
+heim_tid_t heim_string_get_type_id(void);
+const char * heim_string_get_utf8(heim_string_t);
+
+/*
+ * Number
+ */
+
+typedef struct heim_number_data *heim_number_t;
+
+heim_number_t heim_number_create(int);
+heim_tid_t heim_number_get_type_id(void);
+int heim_number_get_int(heim_number_t);
+
+/*
+ *
+ */
+
+typedef struct heim_auto_release * heim_auto_release_t;
+
+heim_auto_release_t heim_auto_release_create(void);
+void heim_auto_release_drain(heim_auto_release_t);
+void heim_auto_release(heim_object_t);
+
+#endif /* HEIM_BASE_H */

crypto/external/bsd/heimdal/dist/base/heimbasepriv.h

@@ -0,0 +1,93 @@
+/*	$NetBSD: heimbasepriv.h,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $	*/
+
+/*
+ * Copyright (c) 2010 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2010 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+typedef void (*heim_type_init)(void *);
+typedef heim_object_t (*heim_type_copy)(void *);
+typedef int (*heim_type_cmp)(void *, void *);
+typedef unsigned long (*heim_type_hash)(void *);
+
+typedef struct heim_type_data *heim_type_t;
+
+enum {
+    HEIM_TID_NUMBER = 0,
+    HEIM_TID_NULL = 1,
+    HEIM_TID_BOOL = 2,
+    HEIM_TID_TAGGED_UNUSED2 = 3,
+    HEIM_TID_TAGGED_UNUSED3 = 4,
+    HEIM_TID_TAGGED_UNUSED4 = 5,
+    HEIM_TID_TAGGED_UNUSED5 = 6,
+    HEIM_TID_TAGGED_UNUSED6 = 7,
+    HEIM_TID_MEMORY = 128,
+    HEIM_TID_ARRAY = 129,
+    HEIM_TID_DICT = 130,
+    HEIM_TID_STRING = 131,
+    HEIM_TID_AUTORELEASE = 132,
+    HEIM_TID_USER = 255
+
+};
+
+struct heim_type_data {
+    heim_tid_t tid;
+    const char *name;
+    heim_type_init init;
+    heim_type_dealloc dealloc;
+    heim_type_copy copy;
+    heim_type_cmp cmp;
+    heim_type_hash hash;
+};
+
+heim_type_t _heim_get_isa(heim_object_t);
+
+heim_type_t
+_heim_create_type(const char *name,
+		  heim_type_init init,
+		  heim_type_dealloc dealloc,
+		  heim_type_copy copy,
+		  heim_type_cmp cmp,
+		  heim_type_hash hash);
+
+heim_object_t
+_heim_alloc_object(heim_type_t type, size_t size);
+
+heim_tid_t
+_heim_type_get_tid(heim_type_t type);
+
+/* tagged tid */
+extern struct heim_type_data _heim_null_object;
+extern struct heim_type_data _heim_bool_object;
+extern struct heim_type_data _heim_number_object;
+extern struct heim_type_data _heim_string_object;

crypto/external/bsd/heimdal/dist/base/heimqueue.h

@@ -0,0 +1,169 @@
+/*	$NetBSD: heimqueue.h,v 1.1.1.2 2011/04/14 14:08:07 elric Exp $	*/
+
+/*	NetBSD: queue.h,v 1.38 2004/04/18 14:12:05 lukem Exp	*/
+/*	Id */
+
+/*
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)queue.h	8.5 (Berkeley) 8/20/94
+ */
+
+#ifndef	_HEIM_QUEUE_H_
+#define	_HEIM_QUEUE_H_
+
+/*
+ * Tail queue definitions.
+ */
+#define	HEIM_TAILQ_HEAD(name, type)					\
+struct name {								\
+	struct type *tqh_first;	/* first element */			\
+	struct type **tqh_last;	/* addr of last next element */		\
+}
+
+#define	HEIM_TAILQ_HEAD_INITIALIZER(head)				\
+	{ NULL, &(head).tqh_first }
+#define	HEIM_TAILQ_ENTRY(type)						\
+struct {								\
+	struct type *tqe_next;	/* next element */			\
+	struct type **tqe_prev;	/* address of previous next element */	\
+}
+
+/*
+ * Tail queue functions.
+ */
+#if defined(_KERNEL) && defined(QUEUEDEBUG)
+#define	QUEUEDEBUG_HEIM_TAILQ_INSERT_HEAD(head, elm, field)		\
+	if ((head)->tqh_first &&					\
+	    (head)->tqh_first->field.tqe_prev != &(head)->tqh_first)	\
+		panic("HEIM_TAILQ_INSERT_HEAD %p %s:%d", (head), __FILE__, __LINE__);
+#define	QUEUEDEBUG_HEIM_TAILQ_INSERT_TAIL(head, elm, field)		\
+	if (*(head)->tqh_last != NULL)					\
+		panic("HEIM_TAILQ_INSERT_TAIL %p %s:%d", (head), __FILE__, __LINE__);
+#define	QUEUEDEBUG_HEIM_TAILQ_OP(elm, field)				\
+	if ((elm)->field.tqe_next &&					\
+	    (elm)->field.tqe_next->field.tqe_prev !=			\
+	    &(elm)->field.tqe_next)					\
+		panic("HEIM_TAILQ_* forw %p %s:%d", (elm), __FILE__, __LINE__);\
+	if (*(elm)->field.tqe_prev != (elm))				\
+		panic("HEIM_TAILQ_* back %p %s:%d", (elm), __FILE__, __LINE__);
+#define	QUEUEDEBUG_HEIM_TAILQ_PREREMOVE(head, elm, field)		\
+	if ((elm)->field.tqe_next == NULL &&				\
+	    (head)->tqh_last != &(elm)->field.tqe_next)			\
+		panic("HEIM_TAILQ_PREREMOVE head %p elm %p %s:%d",	\
+		      (head), (elm), __FILE__, __LINE__);
+#define	QUEUEDEBUG_HEIM_TAILQ_POSTREMOVE(elm, field)			\
+	(elm)->field.tqe_next = (void *)1L;				\
+	(elm)->field.tqe_prev = (void *)1L;
+#else
+#define	QUEUEDEBUG_HEIM_TAILQ_INSERT_HEAD(head, elm, field)
+#define	QUEUEDEBUG_HEIM_TAILQ_INSERT_TAIL(head, elm, field)
+#define	QUEUEDEBUG_HEIM_TAILQ_OP(elm, field)
+#define	QUEUEDEBUG_HEIM_TAILQ_PREREMOVE(head, elm, field)
+#define	QUEUEDEBUG_HEIM_TAILQ_POSTREMOVE(elm, field)
+#endif
+
+#define	HEIM_TAILQ_INIT(head) do {					\
+	(head)->tqh_first = NULL;					\
+	(head)->tqh_last = &(head)->tqh_first;				\
+} while (/*CONSTCOND*/0)
+
+#define	HEIM_TAILQ_INSERT_HEAD(head, elm, field) do {			\
+	QUEUEDEBUG_HEIM_TAILQ_INSERT_HEAD((head), (elm), field)		\
+	if (((elm)->field.tqe_next = (head)->tqh_first) != NULL)	\
+		(head)->tqh_first->field.tqe_prev =			\
+		    &(elm)->field.tqe_next;				\
+	else								\
+		(head)->tqh_last = &(elm)->field.tqe_next;		\
+	(head)->tqh_first = (elm);					\
+	(elm)->field.tqe_prev = &(head)->tqh_first;			\
+} while (/*CONSTCOND*/0)
+
+#define	HEIM_TAILQ_INSERT_TAIL(head, elm, field) do {			\
+	QUEUEDEBUG_HEIM_TAILQ_INSERT_TAIL((head), (elm), field)		\
+	(elm)->field.tqe_next = NULL;					\
+	(elm)->field.tqe_prev = (head)->tqh_last;			\
+	*(head)->tqh_last = (elm);					\
+	(head)->tqh_last = &(elm)->field.tqe_next;			\
+} while (/*CONSTCOND*/0)
+
+#define	HEIM_TAILQ_INSERT_AFTER(head, listelm, elm, field) do {		\
+	QUEUEDEBUG_HEIM_TAILQ_OP((listelm), field)			\
+	if (((elm)->field.tqe_next = (listelm)->field.tqe_next) != NULL)\
+		(elm)->field.tqe_next->field.tqe_prev = 		\
+		    &(elm)->field.tqe_next;				\
+	else								\
+		(head)->tqh_last = &(elm)->field.tqe_next;		\
+	(listelm)->field.tqe_next = (elm);				\
+	(elm)->field.tqe_prev = &(listelm)->field.tqe_next;		\
+} while (/*CONSTCOND*/0)
+
+#define	HEIM_TAILQ_INSERT_BEFORE(listelm, elm, field) do {		\
+	QUEUEDEBUG_HEIM_TAILQ_OP((listelm), field)			\
+	(elm)->field.tqe_prev = (listelm)->field.tqe_prev;		\
+	(elm)->field.tqe_next = (listelm);				\
+	*(listelm)->field.tqe_prev = (elm);				\
+	(listelm)->field.tqe_prev = &(elm)->field.tqe_next;		\
+} while (/*CONSTCOND*/0)
+
+#define	HEIM_TAILQ_REMOVE(head, elm, field) do {			\
+	QUEUEDEBUG_HEIM_TAILQ_PREREMOVE((head), (elm), field)		\
+	QUEUEDEBUG_HEIM_TAILQ_OP((elm), field)				\
+	if (((elm)->field.tqe_next) != NULL)				\
+		(elm)->field.tqe_next->field.tqe_prev = 		\
+		    (elm)->field.tqe_prev;				\
+	else								\
+		(head)->tqh_last = (elm)->field.tqe_prev;		\
+	*(elm)->field.tqe_prev = (elm)->field.tqe_next;			\
+	QUEUEDEBUG_HEIM_TAILQ_POSTREMOVE((elm), field);			\
+} while (/*CONSTCOND*/0)
+
+#define	HEIM_TAILQ_FOREACH(var, head, field)				\
+	for ((var) = ((head)->tqh_first);				\
+		(var);							\
+		(var) = ((var)->field.tqe_next))
+
+#define	HEIM_TAILQ_FOREACH_REVERSE(var, head, headname, field)		\
+	for ((var) = (*(((struct headname *)((head)->tqh_last))->tqh_last)); \
+		(var);							\
+		(var) = (*(((struct headname *)((var)->field.tqe_prev))->tqh_last)))
+
+/*
+ * Tail queue access methods.
+ */
+#define	HEIM_TAILQ_EMPTY(head)		((head)->tqh_first == NULL)
+#define	HEIM_TAILQ_FIRST(head)		((head)->tqh_first)
+#define	HEIM_TAILQ_NEXT(elm, field)		((elm)->field.tqe_next)
+
+#define	HEIM_TAILQ_LAST(head, headname) \
+	(*(((struct headname *)((head)->tqh_last))->tqh_last))
+#define	HEIM_TAILQ_PREV(elm, headname, field) \
+	(*(((struct headname *)((elm)->field.tqe_prev))->tqh_last))
+
+
+#endif	/* !_HEIM_QUEUE_H_ */

crypto/external/bsd/heimdal/dist/base/json.c

@@ -0,0 +1,149 @@
+/*	$NetBSD: json.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $	*/
+
+/*
+ * Copyright (c) 2010 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2010 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "baselocl.h"
+
+
+int
+heim_base2json(heim_object_t obj,
+	       void (*out)(char *, void *), void *ctx)
+{
+    heim_tid_t type = heim_get_tid(obj);
+    __block int fail = 0, needcomma = 0;
+
+    switch (type) {
+    case HEIM_TID_ARRAY:
+	out("[ ", ctx);
+	heim_array_iterate(obj, ^(heim_object_t sub) {
+		if (needcomma)
+		    out(", ", ctx);
+		fail |= heim_base2json(sub, out, ctx);
+		needcomma = 1;
+	    });
+	out("]", ctx);
+	break;
+
+    case HEIM_TID_DICT:
+	out("{ ", ctx);
+	heim_dict_iterate(obj, ^(heim_object_t key, heim_object_t value) {
+		if (needcomma)
+		    out(", ", ctx);
+		fail |= heim_base2json(key, out, ctx);
+		out(" = ", ctx);
+		fail |= heim_base2json(value, out, ctx);
+		needcomma = 1;
+	    });
+	out("}", ctx);
+	break;
+
+    case HEIM_TID_STRING:
+	out("\"", ctx);
+	out(heim_string_get_utf8(obj), ctx);
+	out("\"", ctx);
+	break;
+
+    case HEIM_TID_NUMBER: {
+	char num[16];
+	snprintf(num, sizeof(num), "%d", heim_number_get_int(obj));
+	out(num, ctx);
+	break;
+    }
+    case HEIM_TID_NULL:
+	out("null", ctx);
+	break;
+    case HEIM_TID_BOOL:
+	out(heim_bool_val(obj) ? "true" : "false", ctx);
+	break;
+    default:
+	return 1;
+    }
+    return fail;
+}
+
+static int
+parse_dict(heim_dict_t dict, char * const *pp, size_t *len)
+{
+    const char *p = *pp;
+    while (*len) {
+	(*len)--;
+
+	if (*p == '\n') {
+	    p += 1;
+	} else if (isspace(*p)) {
+	    p += 1;
+	} else if (*p == '}') {
+	    *pp = p + 1;
+	    return 0;
+	} else {
+	}
+    }
+    return ENOENT;
+}
+
+
+heim_object_t
+heim_json2base(const void *data, size_t length)
+{
+    heim_array_t stack;
+    heim_object_t o = NULL;
+    const char *p = data;
+    unsigned long lineno = 1;
+
+    while (length) {
+	length--;
+
+	if (*p == '\n') {
+	    lineno++;
+	} else if (isspace((int)*p)) {
+	    ;
+	} else if (*p == '{') {
+	    o = heim_dict_create();
+
+	    if ((ret = parse_dict(&p, &length)) != 0)
+		goto out;
+	} else
+	    abort();
+    }
+
+ out:
+    if (ret && o) {
+	heim_release(o);		       
+	o = NULL;
+    }
+    
+    return o;
+}

crypto/external/bsd/heimdal/dist/base/null.c

@@ -0,0 +1,54 @@
+/*	$NetBSD: null.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $	*/
+
+/*
+ * Copyright (c) 2010 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2010 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "baselocl.h"
+
+struct heim_type_data _heim_null_object = {
+    HEIM_TID_NULL,
+    "null-object",
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL
+};
+
+heim_null_t
+heim_null_create(void)
+{
+    return heim_base_make_tagged_object(0, HEIM_TID_NULL);
+}

crypto/external/bsd/heimdal/dist/base/number.c

@@ -0,0 +1,129 @@
+/*	$NetBSD: number.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $	*/
+
+/*
+ * Copyright (c) 2010 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2010 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "baselocl.h"
+
+static void
+number_dealloc(void *ptr)
+{
+}
+
+static int
+number_cmp(void *a, void *b)
+{
+    int na, nb;
+
+    if (heim_base_is_tagged_object(a))
+	na = heim_base_tagged_object_value(a);
+    else
+	na = *(int *)a;
+
+    if (heim_base_is_tagged_object(b))
+	nb = heim_base_tagged_object_value(b);
+    else
+	nb = *(int *)b;
+
+    return na - nb;
+}
+
+static unsigned long
+number_hash(void *ptr)
+{
+    if (heim_base_is_tagged_object(ptr))
+	return heim_base_tagged_object_value(ptr);
+    return (unsigned long)*(int *)ptr;
+}
+
+struct heim_type_data _heim_number_object = {
+    HEIM_TID_NUMBER,
+    "number-object",
+    NULL,
+    number_dealloc,
+    NULL,
+    number_cmp,
+    number_hash
+};
+
+/**
+ * Create a number object
+ *
+ * @param the number to contain in the object
+ *
+ * @return a number object
+ */
+
+heim_number_t
+heim_number_create(int number)
+{
+    heim_number_t n;
+
+    if (number < 0xffffff && number >= 0)
+	return heim_base_make_tagged_object(number, HEIM_TID_NUMBER);
+
+    n = _heim_alloc_object(&_heim_number_object, sizeof(int));
+    if (n)
+	*((int *)n) = number;
+    return n;
+}
+
+/**
+ * Return the type ID of number objects
+ *
+ * @return type id of number objects
+ */
+
+heim_tid_t
+heim_number_get_type_id(void)
+{
+    return HEIM_TID_NUMBER;
+}
+
+/**
+ * Get the int value of the content
+ *
+ * @param number the number object to get the value from
+ *
+ * @return an int
+ */
+
+int
+heim_number_get_int(heim_number_t number)
+{
+    if (heim_base_is_tagged_object(number))
+	return heim_base_tagged_object_value(number);
+    return *(int *)number;
+}

crypto/external/bsd/heimdal/dist/base/roken_rename.h

@@ -0,0 +1,60 @@
+/*	$NetBSD: roken_rename.h,v 1.1.1.2 2011/04/14 14:08:07 elric Exp $	*/
+
+/*
+ * Copyright (c) 1998 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* Id */
+
+#ifndef __heimbase_roken_rename_h__
+#define __heimbase_roken_rename_h__
+
+#ifndef HAVE_SNPRINTF
+#define rk_snprintf heimbase_snprintf
+#endif
+#ifndef HAVE_VSNPRINTF
+#define rk_vsnprintf heimbase_vsnprintf
+#endif
+#ifndef HAVE_ASPRINTF
+#define rk_asprintf heimbase_asprintf
+#endif
+#ifndef HAVE_ASNPRINTF
+#define rk_asnprintf heimbase_asnprintf
+#endif
+#ifndef HAVE_VASPRINTF
+#define rk_vasprintf heimbase_vasprintf
+#endif
+#ifndef HAVE_VASNPRINTF
+#define rk_vasnprintf heimbase_vasnprintf
+#endif
+
+#endif /* __heimbase_roken_rename_h__ */

crypto/external/bsd/heimdal/dist/base/string.c

@@ -0,0 +1,117 @@
+/*	$NetBSD: string.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $	*/
+
+/*
+ * Copyright (c) 2010 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2010 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "baselocl.h"
+#include <string.h>
+
+static void
+string_dealloc(void *ptr)
+{
+}
+
+static int
+string_cmp(void *a, void *b)
+{
+    return strcmp(a, b);
+}
+
+static unsigned long
+string_hash(void *ptr)
+{
+    const char *s = ptr;
+    unsigned long n;
+
+    for (n = 0; *s; ++s)
+	n += *s;
+    return n;
+}
+
+struct heim_type_data _heim_string_object = {
+    HEIM_TID_STRING,
+    "string-object",
+    NULL,
+    string_dealloc,
+    NULL,
+    string_cmp,
+    string_hash
+};
+
+/**
+ * Create a string object
+ *
+ * @param string the string to create, must be an utf8 string
+ *
+ * @return string object
+ */
+
+heim_string_t
+heim_string_create(const char *string)
+{
+    size_t len = strlen(string);
+    heim_string_t s;
+
+    s = _heim_alloc_object(&_heim_string_object, len + 1);
+    if (s)
+	memcpy(s, string, len + 1);
+    return s;
+}
+
+/**
+ * Return the type ID of string objects
+ *
+ * @return type id of string objects
+ */
+
+heim_tid_t
+heim_string_get_type_id(void)
+{
+    return HEIM_TID_STRING;
+}
+
+/**
+ * Get the string value of the content.
+ *
+ * @param string the string object to get the value from
+ *
+ * @return a utf8 string
+ */
+
+const char *
+heim_string_get_utf8(heim_string_t string)
+{
+    return (const char *)string;
+}

crypto/external/bsd/heimdal/dist/base/test_base.c

@@ -0,0 +1,153 @@
+/*	$NetBSD: test_base.c,v 1.1.1.1 2011/04/13 18:14:32 elric Exp $	*/
+
+/*
+ * Copyright (c) 2010 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2010 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <stdio.h>
+#include <err.h>
+
+#include <krb5/heimbase.h>
+#include "heimbasepriv.h"
+
+static void
+memory_free(heim_object_t obj)
+{
+}
+
+static int
+test_memory(void)
+{
+    void *ptr;
+
+    ptr = heim_alloc(10, "memory", memory_free);
+
+    heim_retain(ptr);
+    heim_release(ptr);
+
+    heim_retain(ptr);
+    heim_release(ptr);
+
+    heim_release(ptr);
+
+    ptr = heim_alloc(10, "memory", NULL);
+    heim_release(ptr);
+
+    return 0;
+}
+
+static int
+test_dict(void)
+{
+    heim_dict_t dict;
+    heim_number_t a1 = heim_number_create(1);
+    heim_string_t a2 = heim_string_create("hejsan");
+    heim_number_t a3 = heim_number_create(3);
+    heim_string_t a4 = heim_string_create("foosan");
+
+    dict = heim_dict_create(10);
+
+    heim_dict_add_value(dict, a1, a2);
+    heim_dict_add_value(dict, a3, a4);
+
+    heim_dict_delete_key(dict, a3);
+    heim_dict_delete_key(dict, a1);
+
+    heim_release(a1);
+    heim_release(a2);
+    heim_release(a3);
+    heim_release(a4);
+
+    heim_release(dict);
+
+    return 0;
+}
+
+static int
+test_auto_release(void)
+{
+    heim_auto_release_t ar1, ar2;
+    heim_number_t n1;
+    heim_string_t s1;
+
+    ar1 = heim_auto_release_create();
+
+    s1 = heim_string_create("hejsan");
+    heim_auto_release(s1);
+
+    n1 = heim_number_create(1);
+    heim_auto_release(n1);
+
+    ar2 = heim_auto_release_create();
+
+    n1 = heim_number_create(1);
+    heim_auto_release(n1);
+
+    heim_release(ar2);
+    heim_release(ar1);
+
+    return 0;
+}
+
+static int
+test_string(void)
+{
+    heim_string_t s1, s2;
+    const char *string = "hejsan";
+
+    s1 = heim_string_create(string);
+    s2 = heim_string_create(string);
+
+    if (heim_cmp(s1, s2) != 0)
+	errx(1, "the same string is not the same");
+
+
+    heim_release(s1);
+    heim_release(s2);
+
+    return 0;
+}
+
+int
+main(int argc, char **argv)
+{
+    int res = 0;
+
+    res |= test_memory();
+    res |= test_dict();
+    res |= test_auto_release();
+    res |= test_string();
+
+    return res;
+}

crypto/external/bsd/heimdal/dist/base/version-script.map

@@ -0,0 +1,28 @@
+HEIMDAL_BASE_1.0 {
+	global:
+		heim_abort;
+		heim_alloc;
+		heim_array_append_value;
+		heim_array_copy_value;
+		heim_array_create;
+		heim_array_delete_value;
+		heim_array_get_length;
+		heim_array_iterate_f;
+		heim_auto_release;
+		heim_auto_release_create;
+		heim_auto_release_drain;
+		heim_base_once_f;
+		heim_cmp;
+		heim_dict_add_value;
+		heim_dict_copy_value;
+		heim_dict_create;
+		heim_dict_delete_key;
+		heim_dict_iterate_f;
+		heim_release;
+		heim_retain;
+		heim_string_create;
+		heim_string_get_utf8;
+		heim_number_create;
+	local:
+		*;
+};

crypto/external/bsd/heimdal/dist/cf/Makefile.am.common

@@ -0,0 +1,257 @@
+# Id
+
+SUFFIXES = .et .h
+
+DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include
+
+AM_CPPFLAGS = $(INCLUDES_roken)
+
+if do_roken_rename
+ROKEN_RENAME = -DROKEN_RENAME
+endif
+
+AM_CFLAGS = $(WFLAGS)
+
+CP	= cp
+
+## set build_HEADERZ to headers that should just be installed in build tree
+
+buildinclude = $(top_builddir)/include
+
+## these aren't detected by automake
+LIB_XauReadAuth		= @LIB_XauReadAuth@
+LIB_crypt		= @LIB_crypt@
+LIB_dbm_firstkey	= @LIB_dbm_firstkey@
+LIB_dbopen		= @LIB_dbopen@
+LIB_dlopen		= @LIB_dlopen@
+LIB_dn_expand		= @LIB_dn_expand@
+LIB_el_init		= @LIB_el_init@
+LIB_getattr		= @LIB_getattr@
+LIB_gethostbyname	= @LIB_gethostbyname@
+LIB_getpwent_r		= @LIB_getpwent_r@
+LIB_getpwnam_r		= @LIB_getpwnam_r@
+LIB_getsockopt		= @LIB_getsockopt@
+LIB_logout		= @LIB_logout@
+LIB_logwtmp		= @LIB_logwtmp@
+LIB_odm_initialize	= @LIB_odm_initialize@
+LIB_openpty		= @LIB_openpty@
+LIB_pidfile		= @LIB_pidfile@
+LIB_res_search		= @LIB_res_search@
+LIB_setpcred		= @LIB_setpcred@
+LIB_setsockopt		= @LIB_setsockopt@
+LIB_socket		= @LIB_socket@
+LIB_syslog		= @LIB_syslog@
+LIB_tgetent		= @LIB_tgetent@
+LIB_com_err		= @LIB_com_err@
+LIB_door_create		= @LIB_door_create@
+
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+LIB_hesiod = @LIB_hesiod@
+
+INCLUDE_krb4 = @INCLUDE_krb4@
+LIB_krb4 = @LIB_krb4@
+
+INCLUDE_openldap = @INCLUDE_openldap@
+LIB_openldap = @LIB_openldap@
+
+INCLUDE_readline = @INCLUDE_readline@
+LIB_readline = @LIB_readline@
+
+LEXLIB = @LEXLIB@
+
+libexec_heimdaldir = $(libexecdir)/heimdal
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+SUFFIXES += .x .z .hx
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+
+.hx.h:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+
+SUFFIXES += .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+
+NROFF_MAN = groff -mandoc -Tascii
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+## MAINTAINERCLEANFILES += 
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+
+if KRB5
+LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+	$(top_builddir)/lib/asn1/libasn1.la
+LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+endif
+
+LIB_heimbase = $(top_builddir)/base/libheimbase.la
+
+if DCE
+LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+endif
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tsrcdir}/cf/maybe-valgrind.sh -s $${tsrcdir} -o $${tobjdir}" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done

crypto/external/bsd/heimdal/dist/cf/aix.m4

@@ -0,0 +1,62 @@
+dnl
+dnl Id
+dnl
+
+AC_DEFUN([rk_AIX],[
+
+aix=no
+case "$host" in 
+*-*-aix3*)
+	aix=3
+	;;
+*-*-aix[[4-9]]*)
+	aix=4
+	;;
+esac
+
+AM_CONDITIONAL(AIX, test "$aix" != no)dnl
+AM_CONDITIONAL(AIX4, test "$aix" = 4)dnl
+
+AC_ARG_ENABLE(dynamic-afs,
+	AS_HELP_STRING([--disable-dynamic-afs],
+		[do not use loaded AFS library with AIX]))
+
+if test "$aix" != no; then
+
+	AC_DEFINE(NEED_QSORT, 1, [if your qsort is not a stable sort])
+
+	if test "$enable_dynamic_afs" != no; then
+		AC_REQUIRE([rk_DLOPEN])
+		if test "$ac_cv_func_dlopen" = no; then
+			AC_FIND_FUNC_NO_LIBS(loadquery, ld)
+		fi
+		if test "$ac_cv_func_dlopen" != no; then
+			AIX_EXTRA_KAFS='$(LIB_dlopen)'
+		elif test "$ac_cv_func_loadquery" != no; then
+			AIX_EXTRA_KAFS='$(LIB_loadquery)'
+		else
+			AC_MSG_NOTICE([not using dynloaded AFS library])
+			AIX_EXTRA_KAFS=
+			enable_dynamic_afs=no
+		fi
+	else
+		AIX_EXTRA_KAFS=
+	fi
+fi
+
+AM_CONDITIONAL(AIX_DYNAMIC_AFS, test "$enable_dynamic_afs" != no)dnl
+AC_SUBST(AIX_EXTRA_KAFS)dnl
+
+if test "$aix" != no; then
+	AC_DEFINE([_ALL_SOURCE],1,[Required for functional/sane headers on AIX])
+fi
+
+AH_BOTTOM([#if _AIX
+/* XXX this is gross, but kills about a gazillion warnings */
+struct ether_addr;
+struct sockaddr;
+struct sockaddr_dl;
+struct sockaddr_in;
+#endif])
+
+])

crypto/external/bsd/heimdal/dist/cf/auth-modules.m4

@@ -0,0 +1,45 @@
+dnl Id
+dnl
+dnl Figure what authentication modules should be built
+dnl
+dnl rk_AUTH_MODULES(module-list)
+
+AC_DEFUN([rk_AUTH_MODULES],[
+AC_MSG_CHECKING([which authentication modules should be built])
+
+z='m4_ifval([$1], $1, [sia pam afskauthlib])'
+LIB_AUTH_SUBDIRS=
+for i in $z; do
+case $i in
+sia)
+if test "$ac_cv_header_siad_h" = yes; then
+	LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS sia"
+fi
+;;
+pam)
+case "${host}" in
+*-*-freebsd*)	ac_cv_want_pam_krb4=no ;;
+*)		ac_cv_want_pam_krb4=yes ;;
+esac
+
+if test "$ac_cv_want_pam_krb4" = yes -a \
+    "$ac_cv_header_security_pam_modules_h" = yes -a \
+    "$enable_shared" = yes; then
+	LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS pam"
+fi
+;;
+afskauthlib)
+case "${host}" in
+*-*-irix[[56]]*) LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS afskauthlib" ;;
+esac
+;;
+esac
+done
+if test "$LIB_AUTH_SUBDIRS"; then
+	AC_MSG_RESULT($LIB_AUTH_SUBDIRS)
+else
+	AC_MSG_RESULT(none)
+fi
+
+AC_SUBST(LIB_AUTH_SUBDIRS)dnl
+])

crypto/external/bsd/heimdal/dist/cf/broken-getaddrinfo.m4

@@ -0,0 +1,26 @@
+dnl Id
+dnl
+dnl test if getaddrinfo can handle numeric services
+
+AC_DEFUN([rk_BROKEN_GETADDRINFO],[
+AC_CACHE_CHECK([if getaddrinfo handles numeric services], ac_cv_func_getaddrinfo_numserv,
+AC_RUN_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netdb.h>
+
+int
+main(int argc, char **argv)
+{
+	struct addrinfo hints, *ai;
+	memset(&hints, 0, sizeof(hints));
+	hints.ai_flags = AI_PASSIVE;
+	hints.ai_socktype = SOCK_STREAM;
+	hints.ai_family = PF_UNSPEC;
+	if(getaddrinfo(NULL, "17", &hints, &ai) != 0)
+		return 1;
+	if(getaddrinfo(NULL, "0", &hints, &ai) != 0)
+		return 1;
+	return 0;
+}
+]])],[ac_cv_func_getaddrinfo_numserv=yes],[ac_cv_func_getaddrinfo_numserv=no],[ac_cv_func_getaddrinfo_numserv=yes]))])

crypto/external/bsd/heimdal/dist/cf/broken-glob.m4

@@ -0,0 +1,29 @@
+dnl Id
+dnl
+dnl check for glob(3)
+dnl
+AC_DEFUN([AC_BROKEN_GLOB],[
+AC_CACHE_CHECK(for working glob, ac_cv_func_glob_working,
+ac_cv_func_glob_working=yes
+AC_LINK_IFELSE([AC_LANG_PROGRAM([[
+#include <stdio.h>
+#include <glob.h>]],[[
+glob(NULL, GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE|
+#ifdef GLOB_MAXPATH
+GLOB_MAXPATH
+#else
+GLOB_LIMIT
+#endif
+,
+NULL, NULL);
+]])],[:],[ac_cv_func_glob_working=no]))
+
+if test "$ac_cv_func_glob_working" = yes; then
+	AC_DEFINE(HAVE_GLOB, 1, [define if you have a glob() that groks 
+	GLOB_BRACE, GLOB_NOCHECK, GLOB_QUOTE, GLOB_TILDE, and GLOB_LIMIT])
+fi
+if test "$ac_cv_func_glob_working" = yes; then
+AC_NEED_PROTO([#include <stdio.h>
+#include <glob.h>],glob)
+fi
+])

crypto/external/bsd/heimdal/dist/cf/broken-realloc.m4

@@ -0,0 +1,25 @@
+dnl
+dnl Id
+dnl
+dnl Test for realloc that doesn't handle NULL as first parameter
+dnl
+AC_DEFUN([rk_BROKEN_REALLOC], [
+AC_CACHE_CHECK(if realloc if broken, ac_cv_func_realloc_broken, [
+ac_cv_func_realloc_broken=no
+AC_RUN_IFELSE([AC_LANG_SOURCE([[
+#include <stddef.h>
+#include <stdlib.h>
+
+int main(int argc, char **argv)
+{
+	return realloc(NULL, 17) == NULL;
+}
+]])],[:], [ac_cv_func_realloc_broken=yes],[:])
+])
+if test "$ac_cv_func_realloc_broken" = yes ; then
+	AC_DEFINE(BROKEN_REALLOC, 1, [Define if realloc(NULL) doesn't work.])
+fi
+AH_BOTTOM([#ifdef BROKEN_REALLOC
+#define realloc(X, Y) rk_realloc((X), (Y))
+#endif])
+])

crypto/external/bsd/heimdal/dist/cf/broken-snprintf.m4

@@ -0,0 +1,63 @@
+dnl Id
+dnl
+AC_DEFUN([AC_BROKEN_SNPRINTF], [
+AC_CACHE_CHECK(for working snprintf,ac_cv_func_snprintf_working,
+ac_cv_func_snprintf_working=yes
+AC_RUN_IFELSE([AC_LANG_SOURCE([[
+#include <stdio.h>
+#include <string.h>
+int main(int argc, char **argv)
+{
+	char foo[[3]];
+	snprintf(foo, 2, "12");
+	return strcmp(foo, "1") || snprintf(NULL, 0, "%d", 12) != 2;
+}]])],[:],[ac_cv_func_snprintf_working=no],[:]))
+
+if test "$ac_cv_func_snprintf_working" = yes; then
+	AC_DEFINE_UNQUOTED(HAVE_SNPRINTF, 1, [define if you have a working snprintf])
+fi
+if test "$ac_cv_func_snprintf_working" = yes; then
+AC_NEED_PROTO([#include <stdio.h>],snprintf)
+fi
+])
+
+AC_DEFUN([AC_BROKEN_VSNPRINTF],[
+AC_CACHE_CHECK(for working vsnprintf,ac_cv_func_vsnprintf_working,
+ac_cv_func_vsnprintf_working=yes
+AC_RUN_IFELSE([AC_LANG_SOURCE([[
+#include <stdio.h>
+#include <string.h>
+#include <stdarg.h>
+
+int foo(int num, ...)
+{
+	char bar[[3]];
+	va_list arg;
+	va_start(arg, num);
+	vsnprintf(bar, 2, "%s", arg);
+	va_end(arg);
+	return strcmp(bar, "1");
+}
+
+int bar(int num, int len, ...)
+{
+	int r;
+	va_list arg;
+	va_start(arg, len);
+	r = vsnprintf(NULL, 0, "%s", arg);
+	va_end(arg);
+	return r != len;
+}
+
+int main(int argc, char **argv)
+{
+	return foo(0, "12") || bar(0, 2, "12");
+}]])],[:],[ac_cv_func_vsnprintf_working=no],[:]))
+
+if test "$ac_cv_func_vsnprintf_working" = yes; then
+	AC_DEFINE_UNQUOTED(HAVE_VSNPRINTF, 1, [define if you have a working vsnprintf])
+fi
+if test "$ac_cv_func_vsnprintf_working" = yes; then
+AC_NEED_PROTO([#include <stdio.h>],vsnprintf)
+fi
+])

crypto/external/bsd/heimdal/dist/cf/broken.m4

@@ -0,0 +1,12 @@
+dnl Id
+dnl
+dnl
+dnl Same as AC _REPLACE_FUNCS, just define HAVE_func if found in normal
+dnl libraries 
+
+AC_DEFUN([AC_BROKEN],
+[AC_FOREACH([rk_func], [$1],
+	[AC_CHECK_FUNC(rk_func,
+		[AC_DEFINE_UNQUOTED(AS_TR_CPP(HAVE_[]rk_func), 1, 
+			[Define if you have the function `]rk_func['.])],
+		[rk_LIBOBJ(rk_func)])])])

crypto/external/bsd/heimdal/dist/cf/broken2.m4

@@ -0,0 +1,25 @@
+dnl Id
+dnl
+dnl AC_BROKEN but with more arguments
+
+dnl AC_BROKEN2(func, includes, arguments)
+AC_DEFUN([AC_BROKEN2],
+[AC_MSG_CHECKING([for $1])
+AC_CACHE_VAL(ac_cv_func_[]$1,
+[AC_LINK_IFELSE([AC_LANG_PROGRAM([[$2]],[[
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$1) || defined (__stub___$1)
+choke me
+#else
+$1($3);
+#endif
+]])], [eval "ac_cv_func_[]$1=yes"], [eval "ac_cv_func_[]$1=no"])])
+if eval "test \"\${ac_cv_func_[]$1}\" = yes"; then
+  AC_DEFINE_UNQUOTED(AS_TR_CPP(HAVE_[]$1), 1, define)
+  AC_MSG_RESULT(yes)
+else
+  AC_MSG_RESULT(no)
+  rk_LIBOBJ($1)
+fi])

crypto/external/bsd/heimdal/dist/cf/c-attribute.m4

@@ -0,0 +1,28 @@
+dnl
+dnl Id
+dnl
+
+dnl
+dnl Test for __attribute__
+dnl
+
+AC_DEFUN([AC_C___ATTRIBUTE__], [
+AC_MSG_CHECKING(for __attribute__)
+AC_CACHE_VAL(ac_cv___attribute__, [
+AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdlib.h>
+static void foo(void) __attribute__ ((noreturn));
+
+static void
+foo(void)
+{
+  exit(1);
+}
+]])],
+[ac_cv___attribute__=yes],
+[ac_cv___attribute__=no])])
+if test "$ac_cv___attribute__" = "yes"; then
+  AC_DEFINE(HAVE___ATTRIBUTE__, 1, [define if your compiler has __attribute__])
+fi
+AC_MSG_RESULT($ac_cv___attribute__)
+])
+

crypto/external/bsd/heimdal/dist/cf/c-function.m4

@@ -0,0 +1,33 @@
+dnl
+dnl Id
+dnl
+
+dnl
+dnl Test for __FUNCTION__
+dnl
+
+AC_DEFUN([AC_C___FUNCTION__], [
+AC_MSG_CHECKING(for __FUNCTION__)
+AC_CACHE_VAL(ac_cv___function__, [
+AC_RUN_IFELSE([AC_LANG_SOURCE([[
+#include <string.h>
+
+static char *foo(void)
+{
+  return __FUNCTION__;
+}
+
+int main(int argc, char **argc)
+{
+  return strcmp(foo(), "foo") != 0;
+}
+]])],
+[ac_cv___function__=yes],
+[ac_cv___function__=no],
+[ac_cv___function__=no])])
+if test "$ac_cv___function__" = "yes"; then
+  AC_DEFINE(HAVE___FUNCTION__, 1, [define if your compiler has __FUNCTION__])
+fi
+AC_MSG_RESULT($ac_cv___function__)
+])
+

crypto/external/bsd/heimdal/dist/cf/capabilities.m4

@@ -0,0 +1,14 @@
+dnl
+dnl Id
+dnl
+
+dnl
+dnl Test SGI capabilities
+dnl
+
+AC_DEFUN([KRB_CAPABILITIES],[
+
+AC_CHECK_HEADERS(capability.h sys/capability.h)
+
+AC_CHECK_FUNCS(sgi_getcapabilitybyname cap_set_proc)
+])

crypto/external/bsd/heimdal/dist/cf/check-compile-et.m4

@@ -0,0 +1,110 @@
+dnl Id
+dnl
+dnl CHECK_COMPILE_ET
+AC_DEFUN([CHECK_COMPILE_ET], [
+
+AC_CHECK_PROG(COMPILE_ET, compile_et, [compile_et])
+
+krb_cv_compile_et="no"
+krb_cv_com_err_need_r=""
+krb_cv_compile_et_cross=no
+if test "${COMPILE_ET}" = "compile_et"; then
+
+dnl We have compile_et.  Now let's see if it supports `prefix' and `index'.
+AC_MSG_CHECKING(whether compile_et has the features we need)
+cat > conftest_et.et <<'EOF'
+error_table test conf
+prefix CONFTEST
+index 1
+error_code CODE1, "CODE1"
+index 128
+error_code CODE2, "CODE2"
+end
+EOF
+if ${COMPILE_ET} conftest_et.et >/dev/null 2>&1; then
+  dnl XXX Some systems have <et/com_err.h>.
+  save_CPPFLAGS="${CPPFLAGS}"
+  if test -d "/usr/include/et"; then
+    CPPFLAGS="-I/usr/include/et ${CPPFLAGS}"
+  fi
+  dnl Check that the `prefix' and `index' directives were honored.
+  AC_RUN_IFELSE([
+#include <com_err.h>
+#include <string.h>
+#include "conftest_et.h"
+int main(int argc, char **argv){
+#ifndef ERROR_TABLE_BASE_conf
+#error compile_et does not handle error_table N M
+#endif
+return (CONFTEST_CODE2 - CONFTEST_CODE1) != 127;}
+  ], [krb_cv_compile_et="yes"],[CPPFLAGS="${save_CPPFLAGS}"],
+  [krb_cv_compile_et="yes" krb_cv_compile_et_cross=yes] )
+fi
+AC_MSG_RESULT(${krb_cv_compile_et})
+if test "${krb_cv_compile_et}" = "yes" -a "${krb_cv_compile_et_cross}" = no; then
+  AC_MSG_CHECKING([for if com_err generates a initialize_conf_error_table_r])
+  AC_EGREP_CPP([initialize_conf_error_table_r.*struct et_list],
+     [#include "conftest_et.h"],
+     [krb_cv_com_err_need_r="ok"])
+  if test X"$krb_cv_com_err_need_r" = X ; then
+    AC_MSG_RESULT(no)
+    krb_cv_compile_et=no
+  else
+    AC_MSG_RESULT(yes)
+  fi
+fi
+rm -fr conftest*
+fi
+
+if test "${krb_cv_compile_et_cross}" = yes ; then
+  krb_cv_com_err="cross"
+elif test "${krb_cv_compile_et}" = "yes"; then
+  dnl Since compile_et seems to work, let's check libcom_err
+  krb_cv_save_LIBS="${LIBS}"
+  LIBS="${LIBS} -lcom_err"
+  AC_MSG_CHECKING(for com_err)
+  AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <com_err.h>]],[[
+    const char *p;
+    p = error_message(0);
+    initialize_error_table_r(0,0,0,0);
+    com_right_r(0, 0, 0, 0);
+  ]])],[krb_cv_com_err="yes"],[krb_cv_com_err="no"; CPPFLAGS="${save_CPPFLAGS}"])
+  AC_MSG_RESULT(${krb_cv_com_err})
+  LIBS="${krb_cv_save_LIBS}"
+else
+  dnl Since compile_et doesn't work, forget about libcom_err
+  krb_cv_com_err="no"
+fi
+
+dnl Only use the system's com_err if we found compile_et, libcom_err, and
+dnl com_err.h.
+if test "${krb_cv_com_err}" = "yes"; then
+    DIR_com_err=""
+    LIB_com_err="-lcom_err"
+    LIB_com_err_a=""
+    LIB_com_err_so=""
+    AC_MSG_NOTICE(Using the already-installed com_err)
+    localcomerr=no
+elif test "${krb_cv_com_err}" = "cross"; then
+    DIR_com_err="com_err"
+    LIB_com_err="\$(top_builddir)/lib/com_err/libcom_err.la"
+    LIB_com_err_a="\$(top_builddir)/lib/com_err/.libs/libcom_err.a"
+    LIB_com_err_so="\$(top_builddir)/lib/com_err/.libs/libcom_err.so"
+    AC_MSG_NOTICE(Using our own com_err with toolchain compile_et)
+    localcomerr=yes
+else
+    COMPILE_ET="\$(top_builddir)/lib/com_err/compile_et"
+    DIR_com_err="com_err"
+    LIB_com_err="\$(top_builddir)/lib/com_err/libcom_err.la"
+    LIB_com_err_a="\$(top_builddir)/lib/com_err/.libs/libcom_err.a"
+    LIB_com_err_so="\$(top_builddir)/lib/com_err/.libs/libcom_err.so"
+    AC_MSG_NOTICE(Using our own com_err)
+    localcomerr=yes
+fi
+AM_CONDITIONAL(COM_ERR, test "$localcomerr" = yes)dnl
+AC_SUBST(DIR_com_err)
+AC_SUBST(LIB_com_err)
+AC_SUBST(LIB_com_err_a)
+AC_SUBST(LIB_com_err_so)
+
+])

crypto/external/bsd/heimdal/dist/cf/check-getpwnam_r-posix.m4

@@ -0,0 +1,25 @@
+dnl Id
+dnl
+dnl check for getpwnam_r, and if it's posix or not
+
+AC_DEFUN([AC_CHECK_GETPWNAM_R_POSIX],[
+AC_FIND_FUNC_NO_LIBS(getpwnam_r,c_r)
+if test "$ac_cv_func_getpwnam_r" = yes; then
+	AC_CACHE_CHECK(if getpwnam_r is posix,ac_cv_func_getpwnam_r_posix,
+	ac_libs="$LIBS"
+	LIBS="$LIBS $LIB_getpwnam_r"
+	AC_RUN_IFELSE([AC_LANG_SOURCE([[
+#define _POSIX_PTHREAD_SEMANTICS
+#include <pwd.h>
+int main(int argc, char **argv)
+{
+	struct passwd pw, *pwd;
+	return getpwnam_r("", &pw, NULL, 0, &pwd) < 0;
+}
+]])],[ac_cv_func_getpwnam_r_posix=yes],[ac_cv_func_getpwnam_r_posix=no],[:])
+LIBS="$ac_libs")
+if test "$ac_cv_func_getpwnam_r_posix" = yes; then
+	AC_DEFINE(POSIX_GETPWNAM_R, 1, [Define if getpwnam_r has POSIX flavour.])
+fi
+fi
+])

crypto/external/bsd/heimdal/dist/cf/check-man.m4

@@ -0,0 +1,58 @@
+dnl Id
+dnl check how to format manual pages
+dnl
+
+AC_DEFUN([rk_CHECK_MAN],
+[AC_PATH_PROG(NROFF, nroff)
+AC_PATH_PROG(GROFF, groff)
+AC_CACHE_CHECK(how to format man pages,ac_cv_sys_man_format,
+[cat > conftest.1 << END
+.Dd January 1, 1970
+.Dt CONFTEST 1
+.Sh NAME
+.Nm conftest
+.Nd
+foobar
+END
+
+if test "$NROFF" ; then
+	for i in "-mdoc" "-mandoc"; do
+		if "$NROFF" $i conftest.1 2> /dev/null | \
+			grep Jan > /dev/null 2>&1 ; then
+			ac_cv_sys_man_format="$NROFF $i"
+			break
+		fi
+	done
+fi
+if test "$ac_cv_sys_man_format" = "" -a "$GROFF" ; then
+	for i in "-mdoc" "-mandoc"; do
+		if "$GROFF" -Tascii $i conftest.1 2> /dev/null | \
+			grep Jan > /dev/null 2>&1 ; then
+			ac_cv_sys_man_format="$GROFF -Tascii $i"
+			break
+		fi
+	done
+fi
+if test "$ac_cv_sys_man_format"; then
+	ac_cv_sys_man_format="$ac_cv_sys_man_format \[$]< > \[$]@"
+fi
+])
+if test "$ac_cv_sys_man_format"; then
+	CATMAN="$ac_cv_sys_man_format"
+	AC_SUBST(CATMAN)
+fi
+AM_CONDITIONAL(CATMAN, test "$CATMAN")
+AC_CACHE_CHECK(extension of pre-formatted manual pages,ac_cv_sys_catman_ext,
+[if grep _suffix /etc/man.conf > /dev/null 2>&1; then
+	ac_cv_sys_catman_ext=0
+else
+	ac_cv_sys_catman_ext=number
+fi
+])
+if test "$ac_cv_sys_catman_ext" = number; then
+	CATMANEXT='$$section'
+else
+	CATMANEXT=0
+fi
+AC_SUBST(CATMANEXT)
+])

crypto/external/bsd/heimdal/dist/cf/check-netinet-ip-and-tcp.m4

@@ -0,0 +1,33 @@
+dnl
+dnl Id
+dnl
+
+dnl extra magic check for netinet/{ip.h,tcp.h} because on irix 6.5.3
+dnl you have to include standards.h before including these files
+
+AC_DEFUN([CHECK_NETINET_IP_AND_TCP],
+[
+AC_CHECK_HEADERS(standards.h)
+for i in netinet/ip.h netinet/tcp.h; do
+
+cv=`echo "$i" | sed 'y%./+-%__p_%'`
+
+AC_CACHE_CHECK([for $i],ac_cv_header_$cv,
+[AC_PREPROC_IFELSE([AC_LANG_SOURCE([[
+#ifdef HAVE_STANDARDS_H
+#include <standards.h>
+#endif
+#include <$i>
+]])],
+[eval "ac_cv_header_$cv=yes"],
+[eval "ac_cv_header_$cv=no"])])
+ac_res=`eval echo \\$ac_cv_header_$cv`
+if test "$ac_res" = yes; then
+	ac_tr_hdr=HAVE_`echo $i | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+	AC_DEFINE_UNQUOTED($ac_tr_hdr, 1)
+fi
+done
+if false;then
+	AC_CHECK_HEADERS(netinet/ip.h netinet/tcp.h)
+fi
+])

crypto/external/bsd/heimdal/dist/cf/check-type-extra.m4

@@ -0,0 +1,23 @@
+dnl Id
+dnl
+dnl ac_check_type + extra headers
+
+dnl AC_CHECK_TYPE_EXTRA(TYPE, DEFAULT, HEADERS)
+AC_DEFUN([AC_CHECK_TYPE_EXTRA],
+[AC_REQUIRE([AC_HEADER_STDC])dnl
+AC_MSG_CHECKING(for $1)
+AC_CACHE_VAL(ac_cv_type_$1,
+[AC_EGREP_CPP(dnl
+changequote(<<,>>)dnl
+<<$1[^a-zA-Z_0-9]>>dnl
+changequote([,]), [#include <sys/types.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif
+$3], ac_cv_type_$1=yes, ac_cv_type_$1=no)])dnl
+AC_MSG_RESULT($ac_cv_type_$1)
+if test $ac_cv_type_$1 = no; then
+  AC_DEFINE($1, $2, [Define this to what the type $1 should be.])
+fi
+])

crypto/external/bsd/heimdal/dist/cf/check-var.m4

@@ -0,0 +1,28 @@
+dnl Id
+dnl
+dnl rk_CHECK_VAR(variable, includes)
+AC_DEFUN([rk_CHECK_VAR], [
+AC_MSG_CHECKING(for $1)
+AC_CACHE_VAL(ac_cv_var_$1, [
+m4_ifval([$2],[
+	AC_LINK_IFELSE([AC_LANG_PROGRAM([[$2
+	void * foo(void) { return &$1; }]],[[foo()]])],
+	    [ac_cv_var_$1=yes],[ac_cv_var_$1=no])])
+if test "$ac_cv_var_$1" != yes ; then
+AC_LINK_IFELSE([AC_LANG_PROGRAM([[$2
+extern int $1;
+int foo(void) { return $1; }]],[[foo()]])],
+	    [ac_cv_var_$1=yes],[ac_cv_var_$1=no])
+fi
+])
+ac_foo=`eval echo \\$ac_cv_var_$1`
+AC_MSG_RESULT($ac_foo)
+if test "$ac_foo" = yes; then
+	AC_DEFINE_UNQUOTED(AS_TR_CPP(HAVE_[]$1), 1, 
+		[Define if you have the `]$1[' variable.])
+	m4_ifval([$2], AC_CHECK_DECLS([$1],[],[],[$2]))
+fi
+])
+
+AC_WARNING_ENABLE([obsolete])
+AU_DEFUN([AC_CHECK_VAR], [rk_CHECK_VAR([$2], [$1])], [foo])

crypto/external/bsd/heimdal/dist/cf/check-x.m4

@@ -0,0 +1,53 @@
+dnl 
+dnl See if there is any X11 present
+dnl
+dnl Id
+
+AC_DEFUN([KRB_CHECK_X],[
+AC_PATH_XTRA
+
+# try to figure out if we need any additional ld flags, like -R
+# and yes, the autoconf X test is utterly broken
+if test "$no_x" != yes; then
+	AC_CACHE_CHECK(for special X linker flags,krb_cv_sys_x_libs_rpath,[
+	ac_save_libs="$LIBS"
+	ac_save_cflags="$CFLAGS"
+	CFLAGS="$CFLAGS $X_CFLAGS"
+	krb_cv_sys_x_libs_rpath=""
+	krb_cv_sys_x_libs=""
+	for rflag in "" "-R" "-R " "-rpath "; do
+		if test "$rflag" = ""; then
+			foo="$X_LIBS"
+		else
+			foo=""
+			for flag in $X_LIBS; do
+			case $flag in
+			-L*)
+				foo="$foo $flag `echo $flag | sed \"s/-L/$rflag/\"`"
+				;;
+			*)
+				foo="$foo $flag"
+				;;
+			esac
+			done
+		fi
+		LIBS="$ac_save_libs $foo $X_PRE_LIBS -lX11 $X_EXTRA_LIBS"
+		AC_RUN_IFELSE([
+		#include <X11/Xlib.h>
+		foo(void)
+		{
+		XOpenDisplay(NULL);
+		}
+		main(int argc, char **argv)
+		{
+		return 0;
+		}
+		],krb_cv_sys_x_libs_rpath="$rflag"; krb_cv_sys_x_libs="$foo"; break,:,
+		krb_cv_sys_x_libs_rpath="" ; krb_cv_sys_x_libs="" ; break)
+	done
+	LIBS="$ac_save_libs"
+	CFLAGS="$ac_save_cflags"
+	])
+	X_LIBS="$krb_cv_sys_x_libs"
+fi
+])

crypto/external/bsd/heimdal/dist/cf/check-xau.m4

@@ -0,0 +1,64 @@
+dnl Id
+dnl
+dnl check for Xau{Read,Write}Auth and XauFileName
+dnl
+AC_DEFUN([AC_CHECK_XAU],[
+save_CFLAGS="$CFLAGS"
+CFLAGS="$X_CFLAGS $CFLAGS"
+save_LIBS="$LIBS"
+dnl LIBS="$X_LIBS $X_PRE_LIBS $X_EXTRA_LIBS $LIBS"
+LIBS="$X_PRE_LIBS $X_EXTRA_LIBS $LIBS"
+save_LDFLAGS="$LDFLAGS"
+LDFLAGS="$LDFLAGS $X_LIBS"
+
+## check for XauWriteAuth first, so we detect the case where
+## XauReadAuth is in -lX11, but XauWriteAuth is only in -lXau this
+## could be done by checking for XauReadAuth in -lXau first, but this
+## breaks in IRIX 6.5
+
+AC_FIND_FUNC_NO_LIBS(XauWriteAuth, X11 Xau,[#include <X11/Xauth.h>],[0,0])
+ac_xxx="$LIBS"
+LIBS="$LIB_XauWriteAuth $LIBS"
+AC_FIND_FUNC_NO_LIBS(XauReadAuth, X11 Xau,[#include <X11/Xauth.h>],[0])
+LIBS="$LIB_XauReadAauth $LIBS"
+AC_FIND_FUNC_NO_LIBS(XauFileName, X11 Xau,[#include <X11/Xauth.h>])
+LIBS="$ac_xxx"
+
+## set LIB_XauReadAuth to union of these tests, since this is what the
+## Makefiles are using
+case "$ac_cv_funclib_XauWriteAuth" in
+yes)	;;
+no)	;;
+*)	if test "$ac_cv_funclib_XauReadAuth" = yes; then
+		if test "$ac_cv_funclib_XauFileName" = yes; then
+			LIB_XauReadAuth="$LIB_XauWriteAuth"
+		else
+			LIB_XauReadAuth="$LIB_XauWriteAuth $LIB_XauFileName"
+		fi
+	else
+		if test "$ac_cv_funclib_XauFileName" = yes; then
+			LIB_XauReadAuth="$LIB_XauReadAuth $LIB_XauWriteAuth"
+		else
+			LIB_XauReadAuth="$LIB_XauReadAuth $LIB_XauWriteAuth $LIB_XauFileName"
+		fi
+	fi
+	;;
+esac
+
+if test "$AUTOMAKE" != ""; then
+	AM_CONDITIONAL(NEED_WRITEAUTH, test "$ac_cv_func_XauWriteAuth" != "yes")
+else
+	AC_SUBST(NEED_WRITEAUTH_TRUE)
+	AC_SUBST(NEED_WRITEAUTH_FALSE)
+	if test "$ac_cv_func_XauWriteAuth" != "yes"; then
+		NEED_WRITEAUTH_TRUE=
+		NEED_WRITEAUTH_FALSE='#'
+	else
+		NEED_WRITEAUTH_TRUE='#'
+		NEED_WRITEAUTH_FALSE=
+	fi
+fi
+CFLAGS=$save_CFLAGS
+LIBS=$save_LIBS
+LDFLAGS=$save_LDFLAGS
+])

crypto/external/bsd/heimdal/dist/cf/crypto.m4

@@ -0,0 +1,179 @@
+dnl Id
+dnl
+dnl test for crypto libraries:
+dnl - libcrypto (from openssl)
+dnl - own-built libhcrypto
+
+m4_define([test_headers], [
+		#undef KRB5 /* makes md4.h et al unhappy */
+		#ifdef HAVE_OPENSSL
+		#ifdef HAVE_SYS_TYPES_H
+		#include <sys/types.h>
+		#endif
+		#include <openssl/evp.h>
+		#include <openssl/md4.h>
+		#include <openssl/md5.h>
+		#include <openssl/sha.h>
+		#include <openssl/des.h>
+		#include <openssl/rc4.h>
+		#include <openssl/aes.h>
+		#include <openssl/ec.h>
+		#include <openssl/engine.h>
+		#include <openssl/ui.h>
+		#include <openssl/rand.h>
+		#include <openssl/hmac.h>
+		#include <openssl/pkcs12.h>
+		#else
+		#include <hcrypto/evp.h>
+		#include <hcrypto/md4.h>
+		#include <hcrypto/md5.h>
+		#include <hcrypto/sha.h>
+		#include <hcrypto/des.h>
+		#include <hcrypto/rc4.h>
+		#include <hcrypto/aes.h>
+		#include <hcrypto/engine.h>
+		#include <hcrypto/hmac.h>
+		#include <hcrypto/pkcs12.h>
+		#endif
+		])
+m4_define([test_body], [
+		void *schedule = 0;
+		EVP_MD_CTX mdctx;
+
+		EVP_md4();
+		EVP_md5();
+		EVP_sha1();
+		EVP_sha256();
+
+		EVP_MD_CTX_init(&mdctx);
+		EVP_DigestInit_ex(&mdctx, EVP_sha1(), (ENGINE *)0);
+		EVP_CIPHER_iv_length(((EVP_CIPHER*)0));
+		UI_UTIL_read_pw_string(0,0,0,0);
+		RAND_status();
+		#ifdef HAVE_OPENSSL
+		EC_KEY_new();
+		#endif
+
+		OpenSSL_add_all_algorithms();
+		AES_encrypt(0,0,0);
+		DES_cbc_encrypt(0, 0, 0, schedule, 0, 0);
+		RC4(0, 0, 0, 0);])
+
+
+AC_DEFUN([KRB_CRYPTO],[
+crypto_lib=unknown
+AC_WITH_ALL([openssl])
+
+DIR_hcrypto=
+
+AC_MSG_CHECKING([for crypto library])
+
+openssl=no
+
+if test "$crypto_lib" = "unknown" -a "$with_krb4" != "no"; then
+	save_CPPFLAGS="$CPPFLAGS"
+	save_LIBS="$LIBS"
+
+	cdirs= clibs=
+	for i in $LIB_krb4; do
+		case "$i" in
+		-L*) cdirs="$cdirs $i";;
+		-l*) clibs="$clibs $i";;
+		esac
+	done
+
+	ires=
+	for i in $INCLUDE_krb4; do
+		CFLAGS="-DHAVE_OPENSSL $i $save_CFLAGS"
+		for j in $cdirs; do
+			for k in $clibs; do
+				LIBS="$j $k $save_LIBS"
+				AC_LINK_IFELSE([AC_LANG_PROGRAM([test_headers],
+						[test_body])],
+					[openssl=yes ires="$i" lres="$j $k"; break 3])
+			done
+		done
+		CFLAGS="$i $save_CFLAGS"
+		for j in $cdirs; do
+			for k in $clibs; do
+				LIBS="$j $k $save_LIBS"
+				AC_LINK_IFELSE([AC_LANG_PROGRAM([test_headers],[test_body])],
+					[openssl=no ires="$i" lres="$j $k"; break 3])
+			done
+		done
+	done
+		
+	CFLAGS="$save_CFLAGS"
+	LIBS="$save_LIBS"
+	if test "$ires" -a "$lres"; then
+		INCLUDE_hcrypto="$ires"
+		LIB_hcrypto="$lres"
+		crypto_lib=krb4
+		AC_MSG_RESULT([same as krb4])
+		LIB_hcrypto_a='$(LIB_hcrypto)'
+		LIB_hcrypto_so='$(LIB_hcrypto)'
+		LIB_hcrypto_appl='$(LIB_hcrypto)'
+	fi
+fi
+
+if test "$crypto_lib" = "unknown" -a "$with_openssl" != "no"; then
+	save_CFLAGS="$CFLAGS"
+	save_LIBS="$LIBS"
+	INCLUDE_hcrypto=
+	LIB_hcrypto=
+	if test "$with_openssl_include" != ""; then
+		INCLUDE_hcrypto="-I${with_openssl_include}"
+	fi
+	if test "$with_openssl_lib" != ""; then
+		LIB_hcrypto="-L${with_openssl_lib}"
+	fi
+	CFLAGS="-DHAVE_OPENSSL ${INCLUDE_hcrypto} ${CFLAGS}"
+	saved_LIB_hcrypto="$LIB_hcrypto"
+	for lres in "" "-ldl" "-lnsl -lsocket" "-lnsl -lsocket -ldl"; do
+		LIB_hcrypto="${saved_LIB_hcrypto} -lcrypto $lres"
+		LIB_hcrypto_a="$LIB_hcrypto"
+		LIB_hcrypto_so="$LIB_hcrypto"
+		LIB_hcrypto_appl="$LIB_hcrypto"
+		LIBS="${LIBS} ${LIB_hcrypto}"
+		AC_LINK_IFELSE([AC_LANG_PROGRAM([test_headers],[test_body])], [
+			crypto_lib=libcrypto openssl=yes
+			AC_MSG_RESULT([libcrypto])
+		])
+		if test "$crypto_lib" = libcrypto ; then
+			break;
+		fi
+	done
+	CFLAGS="$save_CFLAGS"
+	LIBS="$save_LIBS"
+fi
+
+if test "$crypto_lib" = "unknown"; then
+
+  DIR_hcrypto='hcrypto'
+  LIB_hcrypto='$(top_builddir)/lib/hcrypto/libhcrypto.la'
+  LIB_hcrypto_a='$(top_builddir)/lib/hcrypto/.libs/libhcrypto.a'
+  LIB_hcrypto_so='$(top_builddir)/lib/hcrypto/.libs/libhcrypto.so'
+  LIB_hcrypto_appl="-lhcrypto"
+
+  AC_MSG_RESULT([included libhcrypto])
+
+fi
+
+if test "$with_krb4" != no -a "$crypto_lib" != krb4; then
+	AC_MSG_ERROR([the crypto library used by krb4 lacks features
+required by Kerberos 5; to continue, you need to install a newer 
+Kerberos 4 or configure --without-krb4])
+fi
+
+if test "$openssl" = "yes"; then
+  AC_DEFINE([HAVE_OPENSSL], 1, [define to use openssl's libcrypto])
+fi
+AM_CONDITIONAL(HAVE_OPENSSL, test "$openssl" = yes)dnl
+
+AC_SUBST(DIR_hcrypto)
+AC_SUBST(INCLUDE_hcrypto)
+AC_SUBST(LIB_hcrypto)
+AC_SUBST(LIB_hcrypto_a)
+AC_SUBST(LIB_hcrypto_so)
+AC_SUBST(LIB_hcrypto_appl)
+])

crypto/external/bsd/heimdal/dist/cf/db.m4

@@ -0,0 +1,232 @@
+dnl Id
+dnl
+dnl tests for various db libraries
+dnl
+
+AC_DEFUN([rk_DB],[
+AC_ARG_WITH(berkeley-db,
+                       AS_HELP_STRING([--with-berkeley-db],
+                                      [enable support for berkeley db @<:@default=check@:>@]),
+                       [],
+                       [with_berkeley_db=check])
+
+dbheader=""
+AC_ARG_WITH(berkeley-db-include,
+                       AS_HELP_STRING([--with-berkeley-db-include=dir],
+		                      [use berkeley-db headers in dir]),
+		       [dbheader=$withval],
+		       [with_berkeley_db_include=check])
+
+AC_ARG_ENABLE(ndbm-db,
+                       AS_HELP_STRING([--disable-ndbm-db],
+                                      [if you don't want ndbm db]),[
+])
+
+have_ndbm=no
+db_type=unknown
+
+AS_IF([test "x$with_berkeley_db" != xno],
+  [AS_IF([test "x$with_berkeley_db_include" != xcheck],
+    [AC_CHECK_HEADERS(["$dbheader/db.h"],
+                   [AC_SUBST([DBHEADER], [$dbheader])
+		    AC_DEFINE([HAVE_DBHEADER], [1],
+		                      [Define if you have user supplied header location])
+	           ],
+		   [if test "x$with_berkeley_db_include" != xcheck; then
+		     AC_MSG_FAILURE(
+		       [--with-berkeley-db-include was given but include test failed])
+		    fi
+		   ])],
+    [AC_CHECK_HEADERS([					\
+	           db5/db.h				\
+	           db4/db.h				\
+	           db3/db.h				\
+	           db.h					\
+    ])])
+
+dnl db_create is used by db3 and db4 and db5
+
+  AC_FIND_FUNC_NO_LIBS(db_create, [$dbheader] db5 db4 db3 db, [
+  #include <stdio.h>
+  #ifdef HAVE_DBHEADER
+  #include <$dbheader/db.h>
+  #elif HAVE_DB5_DB_H
+  #include <db5/db.h>
+  #elif HAVE_DB4_DB_H
+  #include <db4/db.h>
+  #elif defined(HAVE_DB3_DB_H)
+  #include <db3/db.h>
+  #else
+  #include <db.h>
+  #endif
+  ],[NULL, NULL, 0])
+
+  if test "$ac_cv_func_db_create" = "yes"; then
+    db_type=db3
+    if test "$ac_cv_funclib_db_create" != "yes"; then
+      DBLIB="$ac_cv_funclib_db_create"
+    else
+      DBLIB=""
+    fi
+    AC_DEFINE(HAVE_DB3, 1, [define if you have a berkeley db3/4/5 library])
+  fi
+
+dnl dbopen is used by db1/db2
+
+  AC_FIND_FUNC_NO_LIBS(dbopen, db2 db, [
+  #include <stdio.h>
+  #if defined(HAVE_DB2_DB_H)
+  #include <db2/db.h>
+  #elif defined(HAVE_DB_H)
+  #include <db.h>
+  #else
+  #error no db.h
+  #endif
+  ],[NULL, 0, 0, 0, NULL])
+
+  if test "$ac_cv_func_dbopen" = "yes"; then
+    db_type=db1
+    if test "$ac_cv_funclib_dbopen" != "yes"; then
+      DBLIB="$ac_cv_funclib_dbopen"
+    else
+      DBLIB=""
+    fi
+    AC_DEFINE(HAVE_DB1, 1, [define if you have a berkeley db1/2 library])
+  fi
+
+dnl test for ndbm compatability
+
+  if test "$ac_cv_func_dbm_firstkey" != yes; then
+    AC_FIND_FUNC_NO_LIBS2(dbm_firstkey, $ac_cv_funclib_dbopen $ac_cv_funclib_db_create, [
+    #include <stdio.h>
+    #define DB_DBM_HSEARCH 1
+    #include <db.h>
+    DBM *dbm;
+    ],[NULL])
+  
+    if test "$ac_cv_func_dbm_firstkey" = "yes"; then
+      if test "$ac_cv_funclib_dbm_firstkey" != "yes"; then
+        LIB_NDBM="$ac_cv_funclib_dbm_firstkey"
+      else
+        LIB_NDBM=""
+      fi
+      AC_DEFINE(HAVE_DB_NDBM, 1, [define if you have ndbm compat in db])
+      AC_DEFINE(HAVE_NEW_DB, 1, [Define if NDBM really is DB (creates files *.db)])
+    else
+      $as_unset ac_cv_func_dbm_firstkey
+      $as_unset ac_cv_funclib_dbm_firstkey
+    fi
+  fi
+
+]) # fi berkeley db
+
+if test "$enable_ndbm_db" != "no"; then
+
+  if test "$db_type" = "unknown" -o "$ac_cv_func_dbm_firstkey" = ""; then
+
+    AC_CHECK_HEADERS([				\
+  	dbm.h					\
+  	ndbm.h					\
+    ])
+  
+    AC_FIND_FUNC_NO_LIBS(dbm_firstkey, ndbm, [
+    #include <stdio.h>
+    #if defined(HAVE_NDBM_H)
+    #include <ndbm.h>
+    #elif defined(HAVE_DBM_H)
+    #include <dbm.h>
+    #endif
+    DBM *dbm;
+    ],[NULL])
+  
+    if test "$ac_cv_func_dbm_firstkey" = "yes"; then
+      if test "$ac_cv_funclib_dbm_firstkey" != "yes"; then
+        LIB_NDBM="$ac_cv_funclib_dbm_firstkey"
+      else
+        LIB_NDBM=""
+      fi
+      AC_DEFINE(HAVE_NDBM, 1, [define if you have a ndbm library])dnl
+      have_ndbm=yes
+      if test "$db_type" = "unknown"; then
+        db_type=ndbm
+        DBLIB="$LIB_NDBM"
+      fi
+    else
+  
+      $as_unset ac_cv_func_dbm_firstkey
+      $as_unset ac_cv_funclib_dbm_firstkey
+  
+      AC_CHECK_HEADERS([				\
+  	  gdbm/ndbm.h				\
+      ])
+  
+      AC_FIND_FUNC_NO_LIBS(dbm_firstkey, gdbm, [
+      #include <stdio.h>
+      #include <gdbm/ndbm.h>
+      DBM *dbm;
+      ],[NULL])
+  
+      if test "$ac_cv_func_dbm_firstkey" = "yes"; then
+        if test "$ac_cv_funclib_dbm_firstkey" != "yes"; then
+  	LIB_NDBM="$ac_cv_funclib_dbm_firstkey"
+        else
+  	LIB_NDBM=""
+        fi
+        AC_DEFINE(HAVE_NDBM, 1, [define if you have a ndbm library])dnl
+        have_ndbm=yes
+        if test "$db_type" = "unknown"; then
+  	db_type=ndbm
+  	DBLIB="$LIB_NDBM"
+        fi
+      fi
+    fi
+  fi #enable_ndbm_db
+fi # unknown
+
+if test "$have_ndbm" = "yes"; then
+  AC_MSG_CHECKING([if ndbm is implemented with db])
+  AC_RUN_IFELSE([AC_LANG_SOURCE([[
+#include <unistd.h>
+#include <fcntl.h>
+#if defined(HAVE_GDBM_NDBM_H)
+#include <gdbm/ndbm.h>
+#elif defined(HAVE_NDBM_H)
+#include <ndbm.h>
+#elif defined(HAVE_DBM_H)
+#include <dbm.h>
+#endif
+int main(int argc, char **argv)
+{
+  DBM *d;
+
+  d = dbm_open("conftest", O_RDWR | O_CREAT, 0666);
+  if (d == NULL)
+    return 1;
+  dbm_close(d);
+  return 0;
+}]])],[
+    if test -f conftest.db; then
+      AC_MSG_RESULT([yes])
+      AC_DEFINE(HAVE_NEW_DB, 1, [Define if NDBM really is DB (creates files *.db)])
+    else
+      AC_MSG_RESULT([no])
+    fi],[AC_MSG_RESULT([no])],[AC_MSG_RESULT([no-cross])])
+fi
+
+AM_CONDITIONAL(HAVE_DB1, test "$db_type" = db1)dnl
+AM_CONDITIONAL(HAVE_DB3, test "$db_type" = db3)dnl
+AM_CONDITIONAL(HAVE_NDBM, test "$db_type" = ndbm)dnl
+AM_CONDITIONAL(HAVE_DBHEADER, test "$dbheader" != "")dnl
+
+## it's probably not correct to include LDFLAGS here, but we might
+## need it, for now just add any possible -L
+z=""
+for i in $LDFLAGS; do
+	case "$i" in
+	-L*) z="$z $i";;
+	esac
+done
+DBLIB="$z $DBLIB"
+AC_SUBST(DBLIB)dnl
+AC_SUBST(LIB_NDBM)dnl
+])

crypto/external/bsd/heimdal/dist/cf/destdirs.m4

@@ -0,0 +1,18 @@
+dnl
+dnl Id
+dnl
+
+AC_DEFUN([rk_DESTDIRS], [
+# This is done by AC_OUTPUT but we need the result here.
+test "x$prefix" = xNONE && prefix=$ac_default_prefix
+test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
+
+AC_FOREACH([rk_dir], [bin lib libexec localstate sbin sysconf], [
+	x="${rk_dir[]dir}"
+	eval y="$x"
+	while test "x$y" != "x$x"; do
+		x="$y"
+		eval y="$x"
+	done
+	AC_DEFINE_UNQUOTED(AS_TR_CPP(rk_dir[]dir), "$x", [path to ]rk_dir[])])
+])

crypto/external/bsd/heimdal/dist/cf/dispatch.m4

@@ -0,0 +1,20 @@
+
+AC_DEFUN([rk_LIBDISPATCH],[
+
+AC_CHECK_HEADERS([dispatch/dispatch.h])
+
+AC_FIND_FUNC_NO_LIBS(dispatch_async_f, dispatch,
+[#ifdef HAVE_DISPATCH_DISPATCH_H
+#include <dispatch/dispatch.h>
+#endif],[0,0,0])
+
+if test "$ac_cv_func_dispatch_async_f" = yes ; then
+    AC_DEFINE([HAVE_GCD], 1, [Define if os support gcd.])
+    libdispatch=yes
+else
+    libdispatch=no
+fi
+
+AM_CONDITIONAL(have_gcd, test "$libdispatch" = yes)
+
+])

crypto/external/bsd/heimdal/dist/cf/dlopen.m4

@@ -0,0 +1,11 @@
+dnl
+dnl Id
+dnl
+
+AC_DEFUN([rk_DLOPEN], [
+	AC_FIND_FUNC_NO_LIBS(dlopen, dl,[
+#ifdef HAVE_DLFCN_H
+#include <dlfcn.h>
+#endif],[0,0])
+	AM_CONDITIONAL(HAVE_DLOPEN, test "$ac_cv_funclib_dlopen" != no)
+])